Method: legacy.legacySearchDetections

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
ListBasis
Try it!

Full name: projects.locations.instances.legacy.legacySearchDetections

Legacy endpoint for searching detections for a rule version.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchDetections

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
`ruleId`	`string` Required. The specific rule revision to search detections for. There are four acceptable formats: - `{rule_id}` retrieves detections for the latest revision of the Rule with rule ID \|rule_id\| - `{rule_id}@{revision_id}` retrieves detections for the Rule revision with rule ID \|rule_id\| and revision ID \|revision_id\|. - `{rule_id}@{wildcard}` retrieves detections for all revisions of the Rule with rule ID \|rule_id\|. - `{wildcard}` retrieves detections for all revisions of all Rules.
`alertState`	`enum (AlertState)` Optional. An enum that filters which detections are returned by their AlertState.
`startTime`	`string (Timestamp format)` Optional. The time to start search detections from, inclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`endTime`	`string (Timestamp format)` Optional. The time to end searching detections to, exclusive. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`listBasis`	`enum (ListBasis)` Optional. Basis for determining whether to apply start_time and end_time filters for detection time or creation time of the detection.
`pageSize`	`integer` Optional. Maximum number of detections to return.
`pageToken`	`string` Optional. A page token, received from a previous `LegacySearchDetections` call. Provide this to retrieve the subsequent page. When paginating, all other parameters provided to `LegacySearchDetections` must match the call that provided the page token.

Request body

The request body must be empty.

Response body

LegacySearchDetections response message.

If successful, the response body contains data with the following structure:

JSON representation
{ "detections": [ { object (`Collection`) } ], "next_page_token": string }

Fields

Fields
`detections[]`	`object (Collection)` List of detections in Collection protos corresponding to the rule_id.
`next_page_token`	`string` A token that can be sent as `page_token` to retrieve the next page. If this field is omitted, there are no subsequent pages.

detections[]

object (Collection)

List of detections in Collection protos corresponding to the rule_id.

next_page_token

string

A token that can be sent as page_token to retrieve the next page. If this field is omitted, there are no subsequent pages.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacySearchDetections

For more information, see the IAM documentation.

ListBasis

Type of Timestamp to use for listing detections.

Enums
`LIST_BASIS_UNSPECIFIED`	Unspecified list basis.
`DETECTION_TIME`	List detections by detection time.
`CREATED_TIME`	List detections by created time.