Method: legacy.legacyStreamDetectionAlerts

HTTP request
Path parameters
Request body
- JSON representation
Response body
- JSON representation
Authorization scopes
IAM Permissions
Try it!

Full name: projects.locations.instances.legacy.legacyStreamDetectionAlerts

Legacy StreamDetectionAlerts continuously streams new detection alerts as they are discovered. A detection alert is a special kind of detection. A detection is considered a "detection alert" if the rule that detected it had alerting enabled at the time of detection.

HTTP request

POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyStreamDetectionAlerts

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{ "continuation_time": string, "detection_batch_size": integer }

Fields

Fields
`continuation_time`	`string (Timestamp format)` Optional. A continuation timestamp, from a previous `LegacyStreamDetectionAlerts` connection. When reconnecting, clients should provide the maximum continuation_time they have received. When initiating the very first connection, clients should leave this unspecified. If unspecified, this defaults to the time of the connection. All detection alerts discovered after continuation_time will be streamed to the client. If the value is older than 1 week, the connection request will be rejected; other RPCs should be used to get older detections. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`detection_batch_size`	`integer` Optional. The maximum number of detections to return in each detection batch. Each batch may contain fewer than this value. If unspecified, at most 10000 detection alerts will be returned in each batch. The maximum value is 10000; values above 10000 will be coerced to 10000.

continuation_time

string (Timestamp format)

Optional. A continuation timestamp, from a previous LegacyStreamDetectionAlerts connection. When reconnecting, clients should provide the maximum continuation_time they have received. When initiating the very first connection, clients should leave this unspecified. If unspecified, this defaults to the time of the connection.

All detection alerts discovered after continuation_time will be streamed to the client.

If the value is older than 1 week, the connection request will be rejected; other RPCs should be used to get older detections.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

detection_batch_size

integer

Optional. The maximum number of detections to return in each detection batch. Each batch may contain fewer than this value. If unspecified, at most 10000 detection alerts will be returned in each batch. The maximum value is 10000; values above 10000 will be coerced to 10000.

Response body

LegacyStreamDetectionAlerts response message. This represents a single detection batch. Many detection batches will be sent over the stream response.

If successful, the response body contains data with the following structure:

JSON representation
{ "detections": [ { object (`Collection`) } ], "continuation_time": string, "heartbeat": boolean }

Fields

Fields
`detections[]`	`object (Collection)` List of detection alerts that were discovered since the last detection batch was streamed.
`continuation_time`	`string (Timestamp format)` A continuation timestamp that can be sent as `continuation_time` when reconnecting to this streaming RPC. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`heartbeat`	`boolean` A boolean indicating if the response is a "heartbeat" meant to keep the connection alive.

detections[]

object (Collection)

List of detection alerts that were discovered since the last detection batch was streamed.

continuation_time

string (Timestamp format)

A continuation timestamp that can be sent as continuation_time when reconnecting to this streaming RPC.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

heartbeat

boolean

A boolean indicating if the response is a "heartbeat" meant to keep the connection alive.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacyStreamDetectionAlerts

For more information, see the IAM documentation.