Method: legacy.legacySearchCuratedDetections

Full name: projects.locations.instances.legacy.legacySearchCuratedDetections

Legacy endpoint for searching detections for a Curated Rule.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchCuratedDetections

Path parameters

Parameters
instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
ruleId

string

Required. The specific Curated Rule ID to list detections for. Detections will be aggregated across all versions of the rule.

alertState

enum (AlertState)

An enum that filters which detections are returned by their AlertState.

startTime

string (Timestamp format)

The time from which to start searching for detections, inclusive.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

endTime

string (Timestamp format)

The time at which to stop searching for detections, exclusive.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

listBasis

enum (ListBasis)

Basis for determining whether the start_time and end_time filters apply to the detection time or to the creation time of the detection.

pageSize

integer

The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 100 detections will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.

pageToken

string

A page token, received from a previous LegacySearchCuratedDetections call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to LegacySearchCuratedDetections must match the call that provided the page token.

Request body

The request body must be empty.

Response body

LegacySearchCuratedDetections response message.

If successful, the response body contains data with the following structure:

JSON representation
{
  "curated_detections": [
    {
      object (Collection)
    }
  ],
  "next_page_token": string
}
Fields
curated_detections[]

object (Collection)

List of detections in Collection protos corresponding to the rule_id.

next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.
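An added example in Python (not from the Chronicle documentation or client libraries) that builds the GET URL described above, enforces the inclusive start / exclusive end window and the pageSize cap of 1000, and follows next_page_token while keeping every other parameter fixed, as the endpoint requires. The instance path and rule id are placeholders, and fake_fetch is a constructed stand-in for an authenticated HTTPS request so the code runs offline.

```python
from datetime import datetime, timezone
from typing import Callable, Iterator, Optional
from urllib.parse import urlencode
API = "https://chronicle.googleapis.com/v1alpha"
MAX_PAGE_SIZE = 1000  # the service coerces larger pageSize values down to this

def rfc3339(ts: datetime) -> str:
    # RFC3339 UTC "Zulu" format; refuse naive datetimes so local time is never sent as UTC.
    if ts.tzinfo is None:
        raise ValueError("timestamp must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_request(instance: str, rule_id: str, start: datetime, end: datetime,
                  page_size: int = 100, list_basis: str = "DETECTION_TIME",
                  page_token: Optional[str] = None) -> str:
    # startTime is inclusive and endTime exclusive, so start >= end is an empty window.
    if start >= end:
        raise ValueError("startTime must be earlier than endTime")
    params = {"ruleId": rule_id, "startTime": rfc3339(start), "endTime": rfc3339(end),
              "listBasis": list_basis, "pageSize": min(page_size, MAX_PAGE_SIZE)}
    if page_token:
        params["pageToken"] = page_token
    return f"{API}/{instance}/legacy:legacySearchCuratedDetections?{urlencode(params)}"

def iter_detections(fetch: Callable[[str], dict], **query) -> Iterator[dict]:
    # Follow next_page_token until it is absent. Only pageToken changes between
    # calls; every other parameter must match the call that issued the token.
    token = None
    while True:
        page = fetch(build_request(page_token=token, **query))
        yield from page.get("curated_detections", [])
        token = page.get("next_page_token")
        if not token:
            return

def fake_fetch(url: str) -> dict:
    # Constructed stand-in for an authenticated GET: two pages, three detections.
    if "pageToken=" not in url:
        return {"curated_detections": [{"id": "det-1"}, {"id": "det-2"}],
                "next_page_token": "page-2"}
    return {"curated_detections": [{"id": "det-3"}]}

INSTANCE = "projects/my-project/locations/us/instances/my-instance"  # placeholder
WINDOW_START = datetime(2014, 10, 2, 15, 1, 23, tzinfo=timezone.utc)
WINDOW_END = datetime(2014, 10, 3, tzinfo=timezone.utc)

def demo() -> list:
    return [d["id"] for d in iter_detections(
        fake_fetch, instance=INSTANCE, rule_id="ur_placeholder",
        start=WINDOW_START, end=WINDOW_END, page_size=5000)]
```

Replacing fake_fetch with a real client call that attaches an OAuth token for the cloud-platform scope is all that is needed to run this against a live instance.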

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchCuratedDetections

For more information, see the IAM documentation.

ListBasis

Type of Timestamp to use for listing detections.

Enums
LIST_BASIS_UNSPECIFIED Unspecified list basis.
DETECTION_TIME List detections by detection time.
CREATED_TIME List detections by created time.