Method: legacy.legacySearchFindings

Full name: projects.locations.instances.legacy.legacySearchFindings

Legacy endpoint for listing Findings.

HTTP request


Path parameters

Parameters
instance

string

Required. The name of the parent resource, which is the SecOps instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
findingType[]

enum (CollectionType)

Required. Finding type: Uppercase, DSML, etc.

timestampRange

object (Interval)

Required. Time range to get the findings from.

pageSize

integer

Number of findings to return per page. Default value is 1000 if the pageSize is not set in the request.

nextPageToken

object (NextPageToken)

Page token to support pagination. If no token is supplied, the first page of findings will be returned.

Request body

The request body must be empty.

Response body

The SearchFindings response.

If successful, the response body contains data with the following structure:

JSON representation
{
  "findings": [
    {
      object (Finding)
    }
  ],
  "pageToken": {
    object (NextPageToken)
  }
}
Fields
findings[]

object (Finding)

Findings found for the given filters. Note that Findings returned do not include the feedbackHistory field, only the feedbackSummary.

pageToken

object (NextPageToken)

The token to supply to get the next page of results. If there are no additional results, this will be empty.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchFindings

For more information, see the IAM documentation.

Finding

JSON representation
{
  "uid": string,
  "findingType": enum (CollectionType),
  "uidNamespace": enum (Namespace),
  "createdTime": string,
  "lastUpdatedTime": string,
  "detectionMetadata": {
    object (SecurityResult)
  },
  "udmEvents": [
    {
      object (UdmEventInfo)
    }
  ],
  "producerDetectionIds": [
    {
      object (Id)
    }
  ],
  "feedbackSummary": {
    object (Feedback)
  },
  "feedbackHistory": [
    {
      object (Feedback)
    }
  ],
  "tags": [
    string
  ]
}
Fields
uid

string (bytes format)

A base64-encoded string.

findingType

enum (CollectionType)

uidNamespace

enum (Namespace)

createdTime

string (Timestamp format)

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

lastUpdatedTime

string (Timestamp format)

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

detectionMetadata

object (SecurityResult)

udmEvents[]

object (UdmEventInfo)

producerDetectionIds[]

object (Id)

feedbackSummary

object (Feedback)

feedbackHistory[]

object (Feedback)

tags[]

string
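The pagination contract (send the returned pageToken back as nextPageToken until it comes back empty) and the Finding encodings for uid and createdTime can be consumed as in the following added example, which is not part of the original reference or Google's client code. The fetch_page callable, max_pages limit, sample pages and the token's "opaque" key are assumptions made for illustration; NextPageToken is treated as an opaque object.

```python
import base64
import re
from datetime import datetime, timedelta, timezone

RFC3339 = re.compile(r"(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)(?:\.(\d{1,9}))?(Z|[+-]\d\d:\d\d)")

def parse_timestamp(value):
    """Parse the Timestamp format (0-9 fractional digits, Z or offset) to UTC."""
    m = RFC3339.fullmatch(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    micros = int((m.group(7) or "").ljust(9, "0")[:6])  # datetime keeps microseconds only
    tz, off = timezone.utc, m.group(8)
    if off != "Z":
        sign = -1 if off[0] == "-" else 1
        tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6])))
    return datetime(y, mo, d, h, mi, s, micros, tz).astimezone(timezone.utc)

def iter_findings(fetch_page, max_pages=1000):
    """Yield each Finding with uid decoded and createdTime parsed, across all pages.

    fetch_page(token) is a hypothetical caller-supplied callable that sends the
    authenticated request (token as nextPageToken) and returns the decoded body.
    """
    token = None  # no token supplied: the first page is returned
    for _ in range(max_pages):
        body = fetch_page(token)
        for finding in body.get("findings", []):
            yield {**finding,
                   "uid": base64.b64decode(finding["uid"], validate=True),
                   "createdTime": parse_timestamp(finding["createdTime"])}
        token = body.get("pageToken")
        if not token:  # empty or absent token: no additional results
            return
    raise RuntimeError("max_pages reached without an empty pageToken")

def sample_finding(raw_uid, created):
    return {"uid": base64.b64encode(raw_uid).decode(), "createdTime": created}

# Constructed sample pages, not real API output; the "opaque" key is a placeholder.
SAMPLE_PAGES = {
    None: {"findings": [sample_finding(b"finding-1", "2014-10-02T15:01:23Z"),
                        sample_finding(b"finding-2", "2014-10-02T15:01:23.045123456Z")],
           "pageToken": {"opaque": "p2"}},
    "p2": {"findings": [sample_finding(b"finding-3", "2014-10-02T15:01:23+05:30")],
           "pageToken": {}},
}

def fake_fetch(token):
    return SAMPLE_PAGES[token["opaque"] if token else None]
```

The max_pages bound stops a collector from looping forever if a token is returned on every page.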