Full name: projects.locations.instances.legacy.legacySearchEnterpriseWideAlerts
RPC for getting all alerts in a time range, as used by the legacy alerts page.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchEnterpriseWideAlerts
Path parameters
| Parameter | Description |
|---|---|
| instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameter | Description |
|---|---|
| timestampRange | Required. Time range [start, end) for alerts to retrieve. |
| maxNumAlertsReturn | Required. Maximum number of alert events to return across all assets and users. Note that this is not a limit on the cumulative number of alert_summaries and user_summaries returned, nor a limit on the total number of alert_infos returned, because each alert may be associated with more than one asset and/or user. |
Request body
The request body must be empty.
Response body
Returns alerts for the customer in the requested time range.
If successful, the response body contains data with the following structure:
JSON representation:
{ "alert_summaries": [ { object (
| Field | Description |
|---|---|
| alert_summaries[] | Alerts that occurred in the requested time range, grouped by asset (AssetAlertSummary). |
| more_data_available | Indicates that more data was available but was not sent because there were more hits than max_num_alerts_to_return. |
| user_alert_summaries[] | Alerts that occurred in the requested time range, grouped by user (UserAlertSummary). |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacySearchEnterpriseWideAlerts
For more information, see the IAM documentation.
AssetAlertSummary
An asset and its associated alerts.
JSON representation:
{ "asset": { object (
| Field | Description |
|---|---|
| asset | The best indicator we have for this asset. |
| alert_info[] | Relevant information on the alerts associated with the asset (AssetAlertInfo). |
AssetAlertInfo
Alert information for an asset-based alert.
JSON representation:
{
"alert": string,
"source_product": string,
"severity": string,
"alert_time": string,
"filter_properties": {
object (
| Field | Description |
|---|---|
| alert | Alert category. |
| source_product | Alert log source product name. |
| severity | Normalized severity level of the alert. |
| alert_time | Timestamp of the alert. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
| filter_properties | Filter properties associated with the alert. |
| alert_number | Alert number used to identify an alert event. |
| uid | Used to link to the alert. Only populated for Security Command Center alerts. A base64-encoded string. |
UserAlertSummary
A user and its associated alerts.
JSON representation:
{ "user": { object (
| Field | Description |
|---|---|
| user | Best user indicator from the available user indicators. |
| alert_infos[] | Relevant information on the alerts associated with the user. |
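As an added example (not part of Google's documentation or client libraries), the following Python builds the GET request described above, fetches it with a cloud-platform bearer token, and then summarises the response, handling the two traps the reference calls out: one alert can appear under several assets and users, and more_data_available signals that maxNumAlertsReturn truncated the result set. The timestampRange.startTime / timestampRange.endTime query keys are assumed subfield names of the TimestampRange message and the sample response is constructed.

```python
"""Query legacySearchEnterpriseWideAlerts and summarise the result.
Added example, not Google's code. Assumed: the TimestampRange query message
flattens to timestampRange.startTime / timestampRange.endTime (assumed
subfield names); the cloud-platform bearer token is obtained elsewhere."""
import json
import urllib.parse
import urllib.request
from collections import Counter

BASE = "https://chronicle.googleapis.com/v1alpha"

def build_request_url(instance, start, end, max_alerts):
    """GET URL; `instance` is projects/{p}/locations/{l}/instances/{i}."""
    params = {"timestampRange.startTime": start,  # assumed subfield name
              "timestampRange.endTime": end,      # assumed subfield name
              "maxNumAlertsReturn": str(max_alerts)}
    query = urllib.parse.urlencode(params)
    return f"{BASE}/{instance}/legacy:legacySearchEnterpriseWideAlerts?{query}"

def fetch_alerts(url, token):
    """GET with an empty body, authorised by a cloud-platform bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=60) as resp:
        return json.load(resp)

def summarize(response):
    """Count alert_infos per severity over asset and user groupings.
    An alert may hang off several assets/users, so alert_info entries are
    not distinct alerts; alert_number counts distinct ones. more_data_available
    means maxNumAlertsReturn truncated the result set."""
    by_severity, seen = Counter(), set()
    infos = [i for s in response.get("alert_summaries", []) for i in s.get("alert_info", [])]
    infos += [i for s in response.get("user_alert_summaries", []) for i in s.get("alert_infos", [])]
    for info in infos:
        by_severity[info.get("severity", "UNKNOWN")] += 1
        seen.add(info.get("alert_number") or (info.get("alert"), info.get("alert_time")))
    return {"by_severity": dict(by_severity), "distinct_alerts": len(seen),
            "truncated": bool(response.get("more_data_available", False))}

SAMPLE_RESPONSE = {  # constructed sample, not real Chronicle data
    "alert_summaries": [{"asset": {"hostname": "host-a"}, "alert_info": [
        {"alert": "Malware Detected", "source_product": "EDR", "severity": "HIGH",
         "alert_time": "2024-05-01T10:00:00Z", "alert_number": "1001"},
        {"alert": "Policy Violation", "source_product": "Proxy", "severity": "LOW",
         "alert_time": "2024-05-01T11:00:00Z", "alert_number": "1002"}]}],
    "user_alert_summaries": [{"user": {"userid": "alice"}, "alert_infos": [
        {"alert": "Malware Detected", "source_product": "EDR", "severity": "HIGH",
         "alert_time": "2024-05-01T10:00:00Z", "alert_number": "1001"}]}],
    "more_data_available": True}
```

When `truncated` is true, narrow the time range or raise maxNumAlertsReturn and query again rather than treating the counts as complete.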