Method: legacy.legacySearchRuleDetectionCountBuckets

Full name: projects.locations.instances.legacy.legacySearchRuleDetectionCountBuckets

Legacy endpoint for listing detection count buckets for a Rules Engine rule.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets

Path parameters

Parameters
instance

string

Required. The instance the resource belongs to. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
ruleId

string

Required. The rule/curated rule ID to return buckets for.

versionTimestamp

string (Timestamp format)

Optional. The version timestamp of the rule. If not specified for a customer rule, buckets will be returned for the latest revision of the rule. Ignored for curated rules.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

timeRange

object (Interval)

Required. The time range to return buckets for.

bucketSize

enum (BucketSize)

Required. The bucket size. Only BUCKET_SIZE_DAY is currently supported.

ruleSource

enum (RuleSource)

Optional. The rule source to return buckets for. If omitted, will default to USER_RULE. Should be consistent with rule_id (USER_RULE for rules, UPPERCASE_RULE for curated rules); otherwise, there could be unexpected behavior.

Request body

The request body must be empty.

Response body

Legacy response with list of found detection count buckets.

If successful, the response body contains data with the following structure:

JSON representation
{
  "detection_count_buckets": [
    {
      object (DetectionCountBucket)
    }
  ]
}
Fields
detection_count_buckets[]

object (DetectionCountBucket)

Detection count buckets for the rule/curated rule.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacies.legacySearchRuleDetectionCountBuckets

For more information, see the IAM documentation.