- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Try it!
Full name: projects.locations.instances.legacy.legacySearchRuleDetectionCountBuckets
Legacy endpoint for listing detection count buckets for a Rules Engine rule.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets
Path parameters
Parameters | |
---|---|
instance |
Required. The instance the resource belongs to. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
Parameters | |
---|---|
ruleId |
Required. The rule/curated rule ID to return buckets for. |
versionTimestamp |
Optional. The version timestamp of the rule. If not specified for a customer rule, buckets will be returned for the latest revision of the rule. Ignored for curated rules. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
timeRange |
Required. The time range to return buckets for. |
bucketSize |
Required. The bucket size. Only BUCKET_SIZE_DAY is currently supported. |
ruleSource |
Optional. The rule source to return buckets for. If omitted, will default to USER_RULE. Should be consistent with rule_id (USER_RULE for rules, UPPERCASE_RULE for curated rules); otherwise, there could be unexpected behavior. |
Request body
The request body must be empty.
Response body
Legacy response with list of found detection count buckets.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{
"detection_count_buckets": [
{
object ( |
Fields | |
---|---|
detection_count_buckets[] |
Detection count buckets for the rule/curated rule. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance
resource:
chronicle.legacies.legacySearchRuleDetectionCountBuckets
For more information, see the IAM documentation.