Method: legacy.legacyGetEventForDetection

Full name: projects.locations.instances.legacy.legacyGetEventForDetection

Legacy endpoint for getting the events associated with a curated detection.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyGetEventForDetection

Path parameters

instance (string)
    Output only. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

detectionId (string, bytes format)
    Required. The unique ID of the curated detection, sent as a base64-encoded string.

pageSize (integer)
    Optional. Number of events to return per page. Defaults to 1000 if pageSize is not set in the request.

nextPageToken (object (NextPageToken))
    Optional. Page token to support pagination. If no token is supplied, the first page of events is returned.

Request body

The request body must be empty.

Response body

GetEventForDetection response, returning the events and prioritization for a curated detection.

If successful, the response body contains data with the following structure:

JSON representation
{
  "rationale": [
    string
  ],
  "conclusion": enum (Priority),
  "event": [
    {
      object (UDM)
    }
  ],
  "entities": [
    {
      object (Entity)
    }
  ],
  "detection_time": string
}
Fields

rationale[] (string)
    Rationale behind the prioritization of the event.

conclusion (enum (Priority))
    Concluded priority of the event.

event[] (object (UDM))
    Unified Data Model (UDM) events associated with the detection.

entities[] (object (Entity))
    List of Entity objects associated with the detection.

detection_time (string (Timestamp format))
    Time at which the detection was produced.
    A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.
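The following is an added example, not Chronicle's own client code: it builds the request URL for this endpoint (base64-encoding the raw detectionId bytes before URL-encoding them), and parses a response, including detection_time at the nanosecond precision the Timestamp format allows, which Python's datetime cannot hold directly. The sample response and the "HIGH" conclusion value are constructed for illustration; the page does not list the Priority enum values.

```python
import base64
import re
import urllib.parse
from datetime import datetime, timezone

API_ROOT = "https://chronicle.googleapis.com/v1alpha"
_INSTANCE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
_TS = re.compile(r"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d{1,9}))?Z")

def build_request_url(instance: str, detection_id: bytes, page_size: int = 1000) -> str:
    """detectionId is bytes on the wire: base64-encode the raw ID, then URL-encode it."""
    if not _INSTANCE.fullmatch(instance):
        raise ValueError("instance must be projects/{p}/locations/{l}/instances/{i}")
    query = urllib.parse.urlencode({
        "detectionId": base64.b64encode(detection_id).decode("ascii"),
        "pageSize": page_size,
    })
    return f"{API_ROOT}/{instance}/legacy:legacyGetEventForDetection?{query}"

def parse_timestamp(value: str) -> tuple[datetime, int]:
    """RFC 3339 UTC 'Zulu' only; returns (datetime at microsecond precision, nanoseconds)."""
    m = _TS.fullmatch(value)
    if not m:
        raise ValueError(f"not an RFC 3339 Zulu timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
    nanos = int((m.group(2) or "").ljust(9, "0"))  # right-pad to 9 digits
    return base.replace(microsecond=nanos // 1000), nanos

def summarize(response: dict) -> dict:
    """Pull the fields a triage script needs from a GetEventForDetection response."""
    when, nanos = parse_timestamp(response["detection_time"])
    return {
        "conclusion": response.get("conclusion"),
        "rationale": list(response.get("rationale", [])),
        "event_count": len(response.get("event", [])),
        "entity_count": len(response.get("entities", [])),
        "detection_time": when,
        "detection_time_nanos": nanos,
    }

# Constructed sample response for offline use; values are illustrative, not real data.
SAMPLE_RESPONSE = {
    "rationale": ["constructed rationale"],
    "conclusion": "HIGH",  # assumed Priority value; the reference does not list the enum
    "event": [{"metadata": {"event_type": "USER_LOGIN"}}],
    "entities": [],
    "detection_time": "2014-10-02T15:01:23.045123456Z",
}
```

The request itself is a plain GET with an empty body and an Authorization: Bearer header carrying a token with the cloud-platform scope.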