Method: instances.testFindingsRefinement

Full name: projects.locations.instances.testFindingsRefinement

Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. Each response is cumulative, so each response will contain new data as well as all data from previous responses.

HTTP request

POST https://chronicle.googleapis.com/v1alpha/{instance}:testFindingsRefinement

Path parameters

Parameters
instance

string

Required. The instance to test the findings refinement for. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "type": enum (FindingsRefinementType),
  "query": string,
  "interval": {
    object (Interval)
  },

  // Union field FindingsRefinementApplication can be only one of the following:
  "detection_exclusion_application": {
    object (DetectionExclusionApplication)
  }
  // End of list of possible types for union field FindingsRefinementApplication.
}
Fields
type

enum (FindingsRefinementType)

Required. The type of findings refinement to test. This will affect the way the query is evaluated.

query

string

Required. The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior that will be tested. The syntax of this string is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search

interval

object (Interval)

Required. The time interval to test the findings refinement over.

Union field FindingsRefinementApplication. The resources which the findings refinement is applied to. Must correspond to the type of the findings refinement. FindingsRefinementApplication can be only one of the following:
detection_exclusion_application

object (DetectionExclusionApplication)

The resources which the detection exclusion is applied to.

Response body

Response message for TestFindingsRefinement method.

If successful, the response body contains data with the following structure:

JSON representation
{
  "activity": {
    object (FindingsRefinementActivity)
  }
}
Fields
activity

object (FindingsRefinementActivity)

The tested activity for the findings refinement.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.findingsRefinements.test

For more information, see the IAM documentation.
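A minimal client for this method, added here as an example rather than Google's own code: it assembles the request body documented above (the Interval as RFC 3339 startTime/endTime), rejects input the API would refuse, and posts it with a bearer token that carries the cloud-platform scope. The instance path, the enum value DETECTION_EXCLUSION, the UDM query and the contents of DetectionExclusionApplication are assumed placeholders, not values from this page.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Added example, not Google's own client code: build, validate and send a
# testFindingsRefinement request for the v1alpha endpoint documented above.
API_ROOT = "https://chronicle.googleapis.com/v1alpha"

def rfc3339(dt: datetime) -> str:
    """Format a timezone-aware datetime the way google.type.Interval expects."""
    if dt.tzinfo is None:
        raise ValueError("interval timestamps must be timezone-aware")
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def build_test_request(refinement_type: str, query: str, start: datetime,
                       end: datetime, detection_exclusion_application: dict) -> dict:
    """Return the request body; raise ValueError for input the API would reject."""
    if not query.strip():
        raise ValueError("query is required (UDM search syntax)")
    if end <= start:
        raise ValueError("interval endTime must be after startTime")
    if not detection_exclusion_application:
        raise ValueError("the FindingsRefinementApplication union needs one member")
    return {
        "type": refinement_type,
        "query": query,
        "interval": {"startTime": rfc3339(start), "endTime": rfc3339(end)},
        # The only union member this page documents.
        "detection_exclusion_application": detection_exclusion_application,
    }

def call_test_findings_refinement(instance: str, body: dict, access_token: str) -> dict:
    """POST to {instance}:testFindingsRefinement. The token needs the cloud-platform
    scope and the caller chronicle.findingsRefinements.test on the instance."""
    req = urllib.request.Request(
        f"{API_ROOT}/{instance}:testFindingsRefinement",
        data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)  # {"activity": {...FindingsRefinementActivity...}}

def sample_body() -> dict:
    """Constructed input: the enum value and application fields are placeholders."""
    return build_test_request(
        "DETECTION_EXCLUSION",  # assumed FindingsRefinementType value
        'metadata.event_type = "NETWORK_CONNECTION"',  # constructed UDM query
        datetime(2024, 1, 1, tzinfo=timezone.utc), datetime(2024, 1, 8, tzinfo=timezone.utc),
        {"PLACEHOLDER_FIELD": "fill in from the DetectionExclusionApplication reference"})
```

Replace the placeholder application with the fields from the DetectionExclusionApplication reference before calling the endpoint; the response carries the cumulative activity under "activity".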