Full name: projects.locations.instances.testFindingsRefinement
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. Each response is cumulative, so each response will contain new data as well as all data from previous responses.
HTTP request
POST https://chronicle.googleapis.com/v1alpha/{instance}:testFindingsRefinement
Path parameters
Parameters
instance
string
Required. The name of the parent resource, which is the SecOps instance to test the findings refinement for. Format: projects/{project}/locations/{location}/instances/{instance}
Request body
The request body contains data with the following structure:
JSON representation
{
  "type": enum (FindingsRefinementType),
  "query": string,
  "interval": {
    object (Interval)
  },

  // Union field FindingsRefinementApplication can be only one of the following:
  "detectionExclusionApplication": {
    object (DetectionExclusionApplication)
  }
  // End of list of possible types for union field FindingsRefinementApplication.
}
type
enum (FindingsRefinementType)
Required. The type of findings refinement to test. This affects the way the query is evaluated.
query
string
Required. The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior that will be tested. The syntax of this string is the same as a UDM search string. For more information, see https://cloud.google.com/chronicle/docs/investigation/udm-search
interval
object (Interval)
Required. The time interval to test the findings refinement over.
Union field FindingsRefinementApplication. The resources that the findings refinement is applied to. Must correspond to the type of the findings refinement. FindingsRefinementApplication can be only one of the following:
detectionExclusionApplication
object (DetectionExclusionApplication)
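The following Python sketch is an added example, not part of the original reference or of any Google client library. It builds the POST URL and request body described above and rejects malformed input before anything is sent, which is useful when dry-running an exclusion against past activity before enabling it. Assumptions: Interval is taken to be google.type.Interval (startTime/endTime in RFC 3339), the type value and the empty application object are placeholders because this page does not list them, and the UDM query is constructed sample input.

```python
import json
import re
from datetime import datetime, timezone

BASE_URL = "https://chronicle.googleapis.com/v1alpha"
INSTANCE_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
# Members of the FindingsRefinementApplication union shown on this page.
UNION_FIELDS = ("detectionExclusionApplication",)


def _rfc3339(ts):
    # Naive datetimes are ambiguous; refuse them rather than guess a zone.
    if ts.tzinfo is None:
        raise ValueError("interval timestamps must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_test_request(instance, refinement_type, query, start, end, application):
    """Return (url, json_body) for a testFindingsRefinement POST."""
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError(
            "instance must be projects/{project}/locations/{location}/instances/{instance}")
    if not refinement_type or not query.strip():
        raise ValueError("type and query are required")
    start_s, end_s = _rfc3339(start), _rfc3339(end)
    if start >= end:
        raise ValueError("interval start must precede end")
    # The union field accepts exactly one member, and it must be a known one.
    if len(application) != 1 or next(iter(application)) not in UNION_FIELDS:
        raise ValueError("set exactly one FindingsRefinementApplication member")
    body = {
        "type": refinement_type,
        "query": query,
        # Assumption: Interval is google.type.Interval (startTime/endTime).
        "interval": {"startTime": start_s, "endTime": end_s},
        **application,
    }
    return f"{BASE_URL}/{instance}:testFindingsRefinement", json.dumps(body)


if __name__ == "__main__":
    url, body = build_test_request(
        "projects/example-project/locations/us/instances/example-instance",
        "FINDINGS_REFINEMENT_TYPE_PLACEHOLDER",    # placeholder enum value
        'principal.hostname = "build-agent-01"',   # constructed sample query
        datetime(2025, 8, 1, tzinfo=timezone.utc),
        datetime(2025, 8, 8, tzinfo=timezone.utc),
        {"detectionExclusionApplication": {}},     # placeholder object
    )
    print(url)
    print(body)
```
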
Response body
Response message for instances.testFindingsRefinement method.
If successful, the response body contains activity, the tested activity data for the specified findings refinement, returned within the structure of FindingsRefinementActivity.
Authorization scopes
Requires the following OAuth scope:
https://www.googleapis.com/auth/cloud-platform
For more information, see the Authentication Overview (/docs/authentication#authorization-gcp).
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.findingsRefinements.test
For more information, see the IAM documentation: https://cloud.google.com/iam/docs
Last updated 2025-08-25 UTC.