This resource represents the BigQuery export configuration for a Chronicle instance which includes Google Cloud Platform resources like Cloud Storage buckets, BigQuery datasets etc and the export settings for each data source.
| JSON representation | 
|---|
| { "name": string, "provisioned": boolean, "bigQueryExportPackage": enum ( | 
| Fields | |
|---|---|
| name | 
 Identifier. The resource name of the BigQueryExport. Format: projects/{project}/locations/{location}/instances/{instance}/bigQueryExport | 
| provisioned | 
 Output only. Whether the BigQueryExport has been provisioned for the Chronicle instance. | 
| bigQueryExportPackage | 
 Output only. The BigQueryExportPackage entitled for the Chronicle instance. | 
| entityGraphSettings | 
 Optional. The export settings for the Entity Graph data source. | 
| iocMatchesSettings | 
 Optional. The export settings for the IOC Matches data source. | 
| ruleDetectionsSettings | 
 Optional. The export settings for the Rule Detections data source. | 
| udmEventsAggregatesSettings | 
 Optional. The export settings for the UDM Events Aggregates data source. | 
| udmEventsSettings | 
 Optional. The export settings for the UDM Events data source. | 
BigQueryExportPackage
The BigQueryExportPackage entitled for the Chronicle instance.
| Enums | |
|---|---|
| BIG_QUERY_EXPORT_PACKAGE_UNSPECIFIED | The BigQueryExportPackage is unspecified. | 
| BIG_QUERY_EXPORT_PACKAGE_BYOBQ | The BigQueryExportPackage is Bring Your Own BigQuery. | 
| BIG_QUERY_EXPORT_PACKAGE_ADVANCED | The BigQueryExportPackage is Advanced BigQuery. | 
DataSourceExportSettings
The export settings for a data source.
| JSON representation | 
|---|
| {
  "enabled": boolean,
  "retentionDays": integer,
  "latestExportJobState": enum ( | 
| Fields | |
|---|---|
| enabled | 
 Required. Whether the data source is enabled for export. | 
| retentionDays | 
 Required. The retention period for the data source in days. | 
| latestExportJobState | 
 Output only. The state of the latest data source export job. | 
| dataFreshnessTime | 
 Output only. The data freshness of the given export which represents the time bucket at which the latest event was exported. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:  | 
| dataVolume | 
 Output only. The stored data volume of all the exports. | 
LatestExportJobState
The state of the latest data source export job.
| Enums | |
|---|---|
| LATEST_EXPORT_JOB_STATE_UNSPECIFIED | The latest export job state is unspecified. | 
| LATEST_EXPORT_JOB_STATE_SUCCESS | The latest export job state is successful. | 
| LATEST_EXPORT_JOB_STATE_FAILED | The latest export job state is failed. |