Full name: projects.locations.instances.legacy.legacySearchFindings
Legacy endpoint for listing Findings.
HTTP request
Path parameters
Parameters
instance
string
Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis endpoint, \u003ccode\u003eprojects.locations.instances.legacy.legacySearchFindings\u003c/code\u003e, is used to list findings from a specified Chronicle instance using the \u003ccode\u003eGET\u003c/code\u003e HTTP method.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a \u003ccode\u003efindingType\u003c/code\u003e and \u003ccode\u003etimestamp\u003c/code\u003e range as query parameters, alongside a required \u003ccode\u003einstance\u003c/code\u003e path parameter, and supports pagination with \u003ccode\u003epageSize\u003c/code\u003e and \u003ccode\u003enextPageToken\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe response body for a successful request will contain an array of \u003ccode\u003efindings\u003c/code\u003e, which include detailed information such as \u003ccode\u003euid\u003c/code\u003e, \u003ccode\u003efinding_type\u003c/code\u003e, \u003ccode\u003ecreated_time\u003c/code\u003e, and related \u003ccode\u003eudm_events\u003c/code\u003e, as well as a \u003ccode\u003epage_token\u003c/code\u003e if there are more results.\u003c/p\u003e\n"],["\u003cp\u003eAccessing this endpoint requires the \u003ccode\u003echronicle.legacies.legacySearchFindings\u003c/code\u003e IAM permission on the instance resource and the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"],["\u003cp\u003eThe request body for the \u003ccode\u003eGET\u003c/code\u003e method must be empty.\u003c/p\u003e\n"]]],[],null,["# Method: legacy.legacySearchFindings\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Query parameters](#body.QUERY_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n - [JSON representation](#body.LegacySearchFindingsResponse.SCHEMA_REPRESENTATION)\n- [Authorization scopes](#body.aspect)\n- [IAM Permissions](#body.aspect_1)\n- [Finding](#Finding)\n - [JSON representation](#Finding.SCHEMA_REPRESENTATION)\n- [Try it!](#try-it)\n\n**Full name**: projects.locations.instances.legacy.legacySearchFindings\n\nLegacy endpoint for listing Findings.\n\n### HTTP request\n\nChoose a location: \nafrica-south1 asia-northeast1 asia-south1 asia-southeast1 asia-southeast2 australia-southeast1 europe-west12 europe-west2 europe-west3 europe-west6 europe-west9 me-central1 me-central2 me-west1 northamerica-northeast2 southamerica-east1 us eu \n\n\u003cbr /\u003e\n\n### Path parameters\n\n### Query parameters\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nThe SearchFindings response.\n\nIf successful, the response body contains data with the following structure:\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](/docs/authentication#authorization-gcp).\n\n### IAM Permissions\n\nRequires the following [IAM](https://cloud.google.com/iam/docs) permission on the `instance` resource:\n\n- `chronicle.legacies.legacySearchFindings`\n\nFor more information, see the [IAM documentation](https://cloud.google.com/iam/docs).\n\nFinding\n-------"]]