Method: legacy.legacySearchCuratedDetections

Full name: projects.locations.instances.legacy.legacySearchCuratedDetections

Legacy endpoint for searcing detections for a Curated Rule.

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchCuratedDetections

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Parameters
`ruleId`	`string` Required. The specific Curated Rule ID to list detections for. Detections will be aggregated across all versions of the rule.
`alertState`	`enum (AlertState)` An enum that filters which detections are returned by their AlertState.
`startTime`	`string (Timestamp format)` The time to start search detections from, inclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`endTime`	`string (Timestamp format)` The time to end searching detections to, exclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`listBasis`	`enum (ListBasis)` Basis for determining whether to apply start_time and end_time filters for detection time or creation time of the detection.
`pageSize`	`integer` The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 100 detections will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
`pageToken`	`string` A page token, received from a previous `LegacySearchCuratedDetections` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `LegacySearchCuratedDetections` must match the call that provided the page token.

The request body must be empty.

LegacySearchCuratedDetections response message.

If successful, the response body contains data with the following structure:

JSON representation
{ "curated_detections": [ { object (`Collection`) } ], "next_page_token": string }

Fields

Fields
`curated_detections[]`	`object (Collection)` List of detections in Collection protos corresponding to the rule_id.
`next_page_token`	`string` A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

curated_detections[]

object (Collection)

List of detections in Collection protos corresponding to the rule_id.

next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Requires the following OAuth scope:

For more information, see the Authentication Overview.

Requires the following IAM permission on the instance resource:

For more information, see the IAM documentation.

ListBasis

Type of Timestamp to use for listing detections.

Enums
`LIST_BASIS_UNSPECIFIED`	Unspecified list basis.
`DETECTION_TIME`	List detections by detection time.
`CREATED_TIME`	List detections by created time.