- HTTP request
- Path parameters
- Query parameters
- Request body
- Response body
- Authorization scopes
- IAM Permissions
- Try it!
Full name: projects.locations.instances.findEntity
Identifies the entity type and retrieves relevant data associated with a specified indicator.
HTTP request
GET https://chronicle.googleapis.com/v1alpha/{instance}:findEntity
Path parameters
| Parameters | |
|---|---|
instance |
Required. The ID of the Instance to find entity for. Format: projects/{project}/locations/{location}/instances/{instance} |
Query parameters
| Parameters | |
|---|---|
indicator |
Required. Entity indicator to search for. |
udmField |
Required. The UDM field the entity indicator belongs to. |
entityNamespace |
Required. Namespace of the entity being queried. |
referenceTime |
Required. Reference time to lookup entity. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Request body
The request body must be empty.
Response body
Response message for find entity given an indicator.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
{
"entity": {
object ( |
| Fields | |
|---|---|
entity |
A list of entity summaries. |
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.entities.find
For more information, see the IAM documentation.