DataSource

LINT.IfChange(dataSources)

Enums
`DATA_SOURCE_UNSPECIFIED`
`UDM`
`ENTITY`
`INGESTION_METRICS`
`RULE_DETECTIONS`	Used for the detections data source.
`RULESETS`	Used for rulesets with the detections data source.
`GLOBAL`	Used for the standard time range filter.
`IOC_MATCHES`	Used for the iocMatches data source.
`RULES`	Used for the rules data source.
`SOAR_CASES`	SOAR cases, identified as `case`.
`SOAR_PLAYBOOKS`	SOAR playbooks, identified as `playbook`.
`SOAR_CASE_HISTORY`	SOAR case history, identified as `caseHistory`.
`DATA_TABLE`	Used for the data tables source.
`INVESTIGATION`	Used as the data source for triage agent investigations. Identified as `gemini_investigation`.
`INVESTIGATION_FEEDBACK`	Used as the data source for user feedback on triage agent investigations. Identified as `gemini_investigation_feedback`.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2026-05-18 UTC.

DataSource Stay organized with collections Save and categorize content based on your preferences.