Full name: projects.locations.instances.legacy.legacySearchCuratedDetections
Legacy endpoint for searching detections for a Curated Rule.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchCuratedDetections
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
Parameters | |
---|---|
ruleId | Required. The specific Curated Rule ID to list detections for. Detections will be aggregated across all versions of the rule. |
alertState | An enum that filters which detections are returned by their AlertState. |
startTime | The time to start searching detections from, inclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
endTime | The time to end searching detections to, exclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
listBasis | Basis for determining whether to apply start_time and end_time filters for detection time or creation time of the detection. |
pageSize | The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 100 detections will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000. |
pageToken | A page token, received from a previous |
Request body
The request body must be empty.
Response body
LegacySearchCuratedDetections response message.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"curated_detections": [
{
object ( |
Fields | |
---|---|
curated_detections[] | List of detections in Collection protos corresponding to the rule_id. |
next_page_token | A token that can be sent as |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacySearchCuratedDetections
For more information, see the IAM documentation.
ListBasis
Type of Timestamp to use for listing detections.
Enums | |
---|---|
LIST_BASIS_UNSPECIFIED | Unspecified list basis. |
DETECTION_TIME | List detections by detection time. |
CREATED_TIME | List detections by created time. |
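The following added example, which is not part of the Chronicle documentation, builds the request from the query parameters above and follows next_page_token until the half-open window [startTime, endTime) is exhausted. The `fetch` callable (any function that performs the authenticated GET and returns the decoded JSON), the function names and any sample values are assumptions.

```python
from datetime import timezone
from urllib.parse import urlencode

BASE = "https://chronicle.googleapis.com/v1alpha"
LIST_BASES = {"LIST_BASIS_UNSPECIFIED", "DETECTION_TIME", "CREATED_TIME"}
MAX_PAGE_SIZE = 1000  # the service coerces larger values to 1000


def rfc3339_zulu(ts):
    """Format a timezone-aware datetime as RFC3339 UTC "Zulu"."""
    if ts.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before querying")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")


def build_url(instance, rule_id, start, end, list_basis="DETECTION_TIME",
              page_size=MAX_PAGE_SIZE, page_token=None):
    """Return the GET URL for one page of detections (hypothetical helper)."""
    if list_basis not in LIST_BASES:
        raise ValueError(f"unknown listBasis: {list_basis}")
    params = {
        "ruleId": rule_id,
        "startTime": rfc3339_zulu(start),  # inclusive
        "endTime": rfc3339_zulu(end),      # exclusive
        "listBasis": list_basis,
        "pageSize": min(page_size, MAX_PAGE_SIZE),
    }
    if not start < end:
        raise ValueError("startTime must be earlier than endTime")
    if page_token:
        params["pageToken"] = page_token
    return (f"{BASE}/{instance}/legacy:legacySearchCuratedDetections"
            f"?{urlencode(params)}")


def iter_detections(fetch, instance, rule_id, start, end, **kw):
    """Yield every detection in [start, end), following next_page_token.

    fetch(url) is an assumption: it must send the request with a token for
    the cloud-platform scope and return the decoded JSON response as a dict.
    """
    token = None
    while True:
        page = fetch(build_url(instance, rule_id, start, end,
                               page_token=token, **kw))
        yield from page.get("curated_detections", [])
        token = page.get("next_page_token")
        if not token:
            return
```

Because startTime is inclusive and endTime is exclusive, a scheduled poller can reuse the previous run's end as the next run's start without fetching the same detection twice or leaving a gap.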