Full name: projects.locations.instances.enrichmentAgent.executeActions
Executes a list of manual actions on a given SIEM alert.
HTTP request
POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/enrichmentAgent:executeActions
Path parameters
| Parameters | |
|---|---|
| parent | Required. The parent, which owns the collection of actions. |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
| { "siemAlertId": string, "actions": [ { object ( |

| Fields | |
|---|---|
| siemAlertId | Required. The identifier of the SIEM alert. |
| actions[] | Required. The actions to execute. |
Response body
Response for enrichmentAgent.executeActions. Details of an action that can be executed.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
| { "parent": string, "results": [ { object ( |

| Fields | |
|---|---|
| parent | Output only. The parent, which owns the collection of actions. |
| results[] | The results of the actions. |
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/chronicle
- https://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
ExecuteActionRequest
Request for executing a manual action.
| JSON representation |
|---|
| { "targetEntities": [ string ], "parameters": { string: string, ... }, "actionName": string, "integrationInstance": string } |

| Fields | |
|---|---|
| targetEntities[] | Required. The target entities. repeated AgentSecurityEntity targetEntities = 1 [ |
| parameters | Optional. The parameters. An object containing a list of |
| actionName | Required. The action name. |
| integrationInstance | Required. The integration instance. |
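
The following is an added example, not part of the API reference: a local pre-flight check that assembles an `executeActions` request body from the fields documented above and refuses to build it when a required field is missing, a value has the wrong JSON type, or an undocumented key is present. It assumes each `actions[]` element has the `ExecuteActionRequest` shape and that `targetEntities` is a list of strings as in the JSON representation; the function names and all sample values are constructed for illustration.

```python
import json

# Field names come from the tables on this page; everything else is illustrative.
REQUIRED_ACTION_FIELDS = ("targetEntities", "actionName", "integrationInstance")
KNOWN_ACTION_FIELDS = set(REQUIRED_ACTION_FIELDS) | {"parameters"}


def validate_action(action, index):
    """Return a list of problems in one ExecuteActionRequest-shaped dict."""
    where = f"actions[{index}]"
    if not isinstance(action, dict):
        return [f"{where} must be an object"]
    errors = [f"{where}.{f} is required"
              for f in REQUIRED_ACTION_FIELDS if not action.get(f)]
    entities = action.get("targetEntities")
    if entities and not (isinstance(entities, list)
                         and all(isinstance(e, str) and e for e in entities)):
        errors.append(f"{where}.targetEntities must be a list of non-empty strings")
    for f in ("actionName", "integrationInstance"):
        if action.get(f) and not isinstance(action[f], str):
            errors.append(f"{where}.{f} must be a string")
    params = action.get("parameters", {})
    if not (isinstance(params, dict) and all(
            isinstance(k, str) and isinstance(v, str) for k, v in params.items())):
        errors.append(f"{where}.parameters must map string to string")
    for extra in sorted(set(action) - KNOWN_ACTION_FIELDS):
        errors.append(f"{where}.{extra} is not a documented field")
    return errors


def build_execute_actions_body(siem_alert_id, actions):
    """Build the request body, raising ValueError if it is incomplete."""
    errors = []
    if not (isinstance(siem_alert_id, str) and siem_alert_id):
        errors.append("siemAlertId is required")
    if not (isinstance(actions, list) and actions):
        errors.append("actions[] is required")
    else:
        for i, action in enumerate(actions):
            errors.extend(validate_action(action, i))
    if errors:
        raise ValueError("; ".join(errors))
    return {"siemAlertId": siem_alert_id, "actions": actions}


if __name__ == "__main__":
    # Constructed sample values, not real alert or integration identifiers.
    sample = {"targetEntities": ["host-01.example.test"], "actionName": "ExampleAction",
              "integrationInstance": "example-instance", "parameters": {"comment": "triage"}}
    print(json.dumps(build_execute_actions_body("example-alert-id", [sample]), indent=2))
```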