Method: legacy.legacyGetEventForDetection

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
Try it!

Full name: projects.locations.instances.legacy.legacyGetEventForDetection

Legacy endpoint for getting event for curated detection.

HTTP request

Choose a location:

Path parameters

Parameters

Parameters
`instance`	`string` Output only. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Output only. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters

Parameters
`detectionId`	`string (bytes format)` Required. The unique ID of the curated detection. A base64-encoded string.
`pageSize`	`integer` Optional. Number of events to return per page. Default value is 1000 if the pageSize is not set in the request.
`nextPageToken`	`object (NextPageToken)` Optional. Page token to support pagination. If no token is supplied, the first page of events will be returned.

detectionId

string (bytes format)

Required. The unique ID of the curated detection.

A base64-encoded string.

pageSize

integer

Optional. Number of events to return per page. Default value is 1000 if the pageSize is not set in the request.

nextPageToken

object (NextPageToken)

Optional. Page token to support pagination. If no token is supplied, the first page of events will be returned.

Request body

The request body must be empty.

Response body

GetEventForDetection response to get event for a curated detection.

If successful, the response body contains data with the following structure:

JSON representation
{ "rationale": [ string ], "conclusion": enum (`Priority`), "event": [ { object (`UDM`) } ], "entities": [ { object (`Entity`) } ], "detectionTime": string }

Fields
`rationale[]`	`string` Rationale behind prioritization of event.
`conclusion`	`enum (Priority)` Concluded priority of an event.
`event[]`	`object (UDM)` Unified Data Model Event.
`entities[]`	`object (Entity)` List of Entity.
`detectionTime`	`string (Timestamp format)` Detection time of detection. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacyGetEventForDetection

For more information, see the IAM documentation.

Method: legacy.legacyGetEventForDetection Stay organized with collections Save and categorize content based on your preferences.