- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Try it!
Full name: projects.locations.instances.legacy.legacyGetEventForDetection
Legacy endpoint for getting event for curated detection.
HTTP request
Path parameters
| Parameters | |
|---|---|
| instance | 
 Output only. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} | 
Query parameters
| Parameters | |
|---|---|
| detectionId | 
 Required. The unique ID of the curated detection. A base64-encoded string. | 
| pageSize | 
 Optional. Number of events to return per page. Default value is 1000 if the pageSize is not set in the request. | 
| nextPageToken | 
 Optional. Page token to support pagination. If no token is supplied, the first page of events will be returned. | 
Request body
The request body must be empty.
Response body
GetEventForDetection response to get event for a curated detection.
If successful, the response body contains data with the following structure:
| JSON representation | 
|---|
| { "rationale": [ string ], "conclusion": enum ( | 
| Fields | |
|---|---|
| rationale[] | 
 Rationale behind prioritization of event. | 
| conclusion | 
 Concluded priority of an event. | 
| event[] | 
 Unified Data Model Event. | 
| entities[] | 
 List of Entity. | 
| detectionTime | 
 Detection time of detection. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
Authorization scopes
Requires the following OAuth scope:
- https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
- chronicle.legacies.legacyGetEventForDetection
For more information, see the IAM documentation.