Method: instances.findRelatedEntities

Full name: projects.locations.instances.findRelatedEntities

Finds all the entities associated with provided entity.

HTTP request


Path parameters

Parameters
instance

string

Required. The name of the parent resource, which is the SecOps instance to find related entities for. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
timeRange

object (Interval)

Required. Time range to search related entities for [inclusive start time, exclusive end time).

pageSize

integer

The maximum number of Entities to return. The service may return fewer than this value. If unspecified, at most 100 entities will be returned. The maximum value is 100; values above 100 will be coerced to 100.

pageToken

string

A page token received from a previous SummarizeEntityRequest call. Provide this to retrieve the subsequent page.

entityTypes[]

enum (EntityType)

Optional. Entity types to filter related entities by. If unspecified, will return all related entities for the given entity.

domainType

enum (DomainType)

Optional. The domain type to retrieve. This is taken into account when the entity type is specified as "DOMAIN_NAME".

excludeFirstLastSeen

boolean

Optional. If true, then the related entities will not have first/last seen info and reduce latency of endpoint.

includeAllUdmEventTypesForFirstLastSeen

boolean

Optional. If true, it includes all types of events we show in UDM Search to calculate the first and last seen time of an entity.

Union parameter id. Identifier to find the entity. id can be only one of the following:
entityId

string

ID of the entity.

fieldAndValue

object (FieldAndValue)

Field path and value to identify entity.

Request body

The request body must be empty.

Response body

Response message for finding related entities.

If successful, the response body contains data with the following structure:

JSON representation
{
  "relatedEntities": [
    {
      object (Entity)
    }
  ],
  "nextPageToken": string,
  "hasMoreEntities": boolean,
  "resultTimeRange": {
    object (Interval)
  }
}
Fields
relatedEntities[]

object (Entity)

List of related entities.

nextPageToken

string

A token, which can be sent as pageToken to retrieve the next page. If this field is omitted, there are no subsequent pages.

hasMoreEntities

boolean

Indicates if there are more relatedEntities available but were not returned due to the pageSize.

resultTimeRange

object (Interval)

Time range of related entities

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.entities.findRelatedEntities

For more information, see the IAM documentation.

DomainType

Domain Type.

Enums
DOMAIN_TYPE_UNSPECIFIED Unspecified.
DOMAIN_TYPE_SIBLING Sibling domain.
DOMAIN_TYPE_SUBDOMAIN Subdomain.