Method: enrichmentAgent.fetchActions

Full name: projects.locations.instances.enrichmentAgent.fetchActions

List all actions that can be executed on a given SIEM alert.

HTTP request


GET https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/enrichmentAgent:fetchActions

Path parameters

Parameters
parent

string

Required. The parent, which owns the collection of actions.

Query parameters

Parameters
siemAlertId

string

Required. The identifier of the SIEM alert.

Request body

The request body must be empty.

Response body

Response for enrichmentAgent.fetchActions.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "parent": string,
  "integrations": [
    {
      object (AgentIntegrationDetails)
    }
  ]
}
Fields
parent

string

Output only. The parent, which owns the collection of actions.
integrations[]

object (AgentIntegrationDetails)

List of all integrations that can be used to execute actions on the SIEM alert.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

AgentIntegrationDetails

Details of an integration that can be used to execute actions.

JSON representation 
{
  "integrationIdentifier": string,
  "integrationInstance": string,
  "displayName": string,
  "description": string,
  "actions": [
    {
      object (AgentIntegrationAction)
    }
  ]
}
Fields
integrationIdentifier

string

Unique identifier of the integration.
integrationInstance

string

Integration instance identifier that will be used to execute the action.
displayName

string

Display name of the integration.
description

string

Description of the integration.
actions[]

object (AgentIntegrationAction)

List of all actions that can be executed on the SIEM alert using this integration.

AgentIntegrationAction

Details of an action that can be executed.

JSON representation 
{
  "name": string,
  "description": string,
  "parameters": [
    {
      object (AgentActionParameter)
    }
  ],
  "aiDescription": string,
  "entityTypes": [
    string
  ]
}
Fields
name

string

The name of the action.
description

string

The description of the action.
parameters[]

object (AgentActionParameter)

The parameters required for the action.
aiDescription

string

The AI generated description of the action.
entityTypes[]

string

The entity types that the action supports.

AgentActionParameter

Details of a parameter required for an action. Details of an action that can be executed.

JSON representation 
{
  "mandatory": boolean,
  "defaultValue": string,
  "description": string,
  "name": string,
  "value": string,
  "type": string,
  "optionalValuesJson": string
}
Fields
mandatory

boolean

Required. Whether the parameter is mandatory.
defaultValue

string

The default value of the parameter.
description

string

The description of the parameter.
name

string

The name of the parameter.
value

string

The value of the parameter.
type

string

Required. The type of the parameter.
optionalValuesJson

string

The optional values for the parameter in JSON format.