Method: enrichmentAgent.fetchActions

Full name: projects.locations.instances.enrichmentAgent.fetchActions

List all actions that can be executed on a given SIEM alert.

HTTP request

GET https://{endpoint}/v1alpha/{parent}/enrichmentAgent:fetchActions

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
parent

string

Required. The parent, which owns the collection of actions.

Query parameters

Parameters
siemAlertId

string

Required. The identifier of the SIEM alert.

Request body

The request body must be empty.

Response body

Response for enrichmentAgent.fetchActions.

If successful, the response body contains data with the following structure:

JSON representation
{
  "parent": string,
  "integrations": [
    {
      object (AgentIntegrationDetails)
    }
  ]
}
Fields
parent

string

Output only. The parent, which owns the collection of actions.

integrations[]

object (AgentIntegrationDetails)

List of all integrations that can be used to execute actions on the SIEM alert.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.enrichmentAgent.get

For more information, see the IAM documentation.

AgentIntegrationDetails

Details of an integration that can be used to execute actions.

JSON representation
{
  "integration": string,
  "integrationInstance": string,
  "displayName": string,
  "description": string,
  "actions": [
    {
      object (AgentIntegrationAction)
    }
  ]
}
Fields
integration

string

Unique identifier of the integration.

integrationInstance

string

Unique identifier of the integration instance.

displayName

string

Display name of the integration.

description

string

Description of the integration.

actions[]

object (AgentIntegrationAction)

List of all actions that can be executed on the SIEM alert using this integration.

AgentIntegrationAction

Details of an action that can be executed.

JSON representation
{
  "displayName": string,
  "description": string,
  "parameters": [
    {
      object (AgentActionParameter)
    }
  ],
  "entityTypes": [
    string
  ]
}
Fields
displayName

string

The name of the action.

description

string

The description of the action.

parameters[]

object (AgentActionParameter)

The parameters required for the action.

entityTypes[]

string

The entity types that the action supports.

AgentActionParameter

Details of a parameter required for an action.

JSON representation
{
  "mandatory": boolean,
  "defaultValue": string,
  "description": string,
  "name": string,
  "value": string,
  "type": string,
  "optionalValuesJson": string
}
Fields
mandatory

boolean

Required. Whether the parameter is mandatory.

defaultValue

string

The default value of the parameter.

description

string

The description of the parameter.

name

string

The name of the parameter.

value

string

The value of the parameter.

type

string

Required. The type of the parameter.

optionalValuesJson

string

The optional values for the parameter in JSON format.
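
An added example, not part of the original reference or of any Google client library: it builds the request URL for this method and walks the nested response (integrations, actions, parameters), listing mandatory parameters that still lack a value and decoding optionalValuesJson defensively. The endpoint, parent, alert ID and sample response are constructed placeholders, and treating optionalValuesJson as arbitrary JSON is an assumption, since the page does not specify its shape.

```python
import json
from urllib.parse import quote, urlencode

def build_fetch_actions_url(endpoint, parent, siem_alert_id):
    """GET URL for enrichmentAgent:fetchActions; the request body stays empty."""
    path = quote(parent, safe="/")  # resource path: keep "/", escape the rest
    query = urlencode({"siemAlertId": siem_alert_id})
    return f"https://{endpoint}/v1alpha/{path}/enrichmentAgent:fetchActions?{query}"

def decode_optional_values(raw):
    """optionalValuesJson is JSON carried inside a string; decode it defensively."""
    try:
        return json.loads(raw) if raw else None
    except json.JSONDecodeError:
        return None  # malformed content means "no choices", not a crash

def flatten_actions(response):
    """One row per (integration instance, action); fields may be absent, so use .get."""
    rows = []
    for integ in response.get("integrations", []):
        for action in integ.get("actions", []):
            params = action.get("parameters", [])
            rows.append({
                "instance": integ.get("integrationInstance"),
                "action": action.get("displayName"),
                "entityTypes": action.get("entityTypes", []),
                # mandatory parameters that have neither value nor defaultValue
                "unfilled": [p.get("name") for p in params if p.get("mandatory")
                             and not (p.get("value") or p.get("defaultValue"))],
                "choices": {p.get("name"): decode_optional_values(p["optionalValuesJson"])
                            for p in params if p.get("optionalValuesJson")},
            })
    return rows

# Constructed sample response (not real API output); every name and value is made up.
SAMPLE = {
    "parent": "projects/example-project/locations/us/instances/example-instance",
    "integrations": [{
        "integration": "ExampleIntel", "integrationInstance": "instance-0001",
        "displayName": "Example Intel", "description": "Constructed integration",
        "actions": [{
            "displayName": "Enrich Hash", "description": "Constructed action",
            "entityTypes": ["FILEHASH"],
            "parameters": [
                {"name": "Threshold", "mandatory": True, "type": "string", "defaultValue": "3"},
                {"name": "Engine", "mandatory": True, "type": "string",
                 "optionalValuesJson": "[\"a\", \"b\"]"},
                {"name": "Comment", "type": "string", "optionalValuesJson": "[not json"},
            ]}]}],
}
```

Send the request with an OAuth access token carrying one of the scopes listed under Authorization scopes; chronicle.readonly is the narrowest of the three.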