Full name: projects.locations.instances.legacy.legacyTestRuleStreaming
LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyTestRuleStreaming
Path parameters
Parameters | |
---|---|
instance | Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
JSON representation |
---|
{ "rule_text": string, "start_time": string, "end_time": string, "max_detections": integer, "scope": string } |
Fields | |
---|---|
rule_text | Required. The rule text to test as a UTF-8 string. |
start_time | Optional. The start time of the time range of events to test the rule text over. If unspecified, will default to 12 hours before end_time. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
end_time | Optional. The end time of the time range of events to test the rule text over. If unspecified, will either default to 12 hours after start_time, or the current day bucket if start_time is also unspecified. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
max_detections | Optional. The maximum number of detections to return. The service may return fewer than this value. If unspecified, at most 1,000 detections will be returned. The maximum value is 10,000; values above 10,000 will be coerced to 10,000. |
scope | Optional. The data access scope to use to run the rule. This field is only required if data access control is enabled. If reference lists are used in the rule, validations are performed against this scope to ensure that the reference lists are compatible with both the user's and the rule's scopes. The scope should be in the format: "projects/{project}/locations/{location}/instances/{instance}/dataAccessScopes/{scope}". |
Response body
LegacyTestRuleStreaming response message.
If successful, the response body contains data with the following structure:
JSON representation |
---|
{ // Union field |
Fields | |
---|---|
Union field | |
detection | A detection generated from the test. The following fields will not be set because the detection is not persisted: created_time, detection[].rule_id, detection[].rule_version. id will be set, but cannot be passed to other methods to retrieve the detection since it is not persisted. |
execution_error | An execution error generated from the test. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacies.legacyTestRuleStreaming
For more information, see the IAM documentation.
ExecutionError
An execution error generated from the test.
JSON representation |
---|
{ "error": { object ( |
Fields | |
---|---|
error | The error status corresponding with the execution error. |
time_range | The event time range that the execution error corresponds with. |
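Example
An added example, not part of Google's reference or client libraries: Python helpers that build the request from the fields documented above and split already-decoded response messages into detections and execution errors. The helper names, the sample rule and messages, the contents of error and time_range, and the same-instance scope check are assumptions; no HTTP call is made and decoding the stream is left to the caller.

```python
import re
from datetime import timezone

API = "https://chronicle.googleapis.com/v1alpha"
INSTANCE_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
MAX_DETECTIONS_CAP = 10_000  # documented ceiling; the service coerces larger values

# Constructed sample inputs (not real rule content or service output).
SAMPLE_RULE = 'rule constructed_login_test {\n  meta:\n    author = "example"\n  events:\n    $e.metadata.event_type = "USER_LOGIN"\n  condition:\n    $e\n}\n'
SAMPLE_MESSAGES = [
    {"detection": {"id": "constructed-detection-id"}},
    {"execution_error": {"error": {"code": 4, "message": "constructed error"},
                         "time_range": {"start_time": "2024-01-02T00:00:00Z",
                                        "end_time": "2024-01-02T06:00:00Z"}}},
]

def rfc3339_zulu(ts):
    """Render a timezone-aware datetime as an RFC3339 UTC "Zulu" string."""
    if ts.tzinfo is None:
        raise ValueError("naive datetime: attach a timezone before sending")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_request(instance, rule_text, start=None, end=None, max_detections=None, scope=None):
    """Return (url, body); optional fields are omitted so the documented defaults apply."""
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError("instance must be projects/{project}/locations/{location}/instances/{instance}")
    body = {"rule_text": rule_text}
    if start is not None:
        body["start_time"] = rfc3339_zulu(start)
    if end is not None:
        body["end_time"] = rfc3339_zulu(end)
    if start is not None and end is not None and start >= end:
        raise ValueError("start_time must be earlier than end_time")  # local sanity check
    if max_detections is not None:
        body["max_detections"] = min(max_detections, MAX_DETECTIONS_CAP)
    if scope is not None:
        # Assumption: the scope belongs to the same instance the request targets.
        if not re.fullmatch(re.escape(instance) + r"/dataAccessScopes/[^/]+", scope):
            raise ValueError("scope must be {instance}/dataAccessScopes/{scope}")
        body["scope"] = scope
    return f"{API}/{instance}/legacy:legacyTestRuleStreaming", body

def split_results(messages):
    """Split decoded response messages into (detections, execution_errors)."""
    detections = [m["detection"] for m in messages if "detection" in m]
    errors = [m["execution_error"] for m in messages if "execution_error" in m]
    return detections, errors
```

Check the execution errors before reading an empty detection list as a clean result, since each error is tied to an event time range.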