Full name: projects.locations.instances.enrichmentAgent.fetchAlertData
Retrieves data for a specific SIEM alert, as context for the enrichment agent.
HTTP request
GET https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/enrichmentAgent:fetchAlertData
Path parameters
| Parameters | |
|---|---|
| parent | Required. The resource name of the enrichment agent. Format: projects/{project}/locations/{location}/instances/{instance}/enrichmentAgent: |
Query parameters
| Parameters | |
|---|---|
| siemAlertId | Required. The identifier of the SIEM alert. |
Request body
The request body must be empty.
Response body
Response for GetAlertData.
If successful, the response body contains data with the following structure:
| JSON representation |
|---|
| { "parent": string, "caseAlert": { object ( |

| Fields | |
|---|---|
| parent | Output only. The parent, which owns the collection of actions. |
| caseAlert | The case alert. |
| entities[] | The entities involved in the alert. |
| events[] | The events involved in the alert. |
| executedActions[] | The actions executed on the alert. |
| comments[] | The comments on the alert. |
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/chronicle
- https://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
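An added example (not part of the API reference and not the vendor's client code) that builds the request URL with a validated `parent` and an encoded `siemAlertId`, then triages `entities[]` from a constructed response. It assumes `parent` is the instance resource name `projects/{project}/locations/{location}/instances/{instance}` and that `entities[]` items are MinimalInvolvedEntity objects; the helper names and sample values are made up here.

```python
import json
import re
from urllib.parse import urlencode

# Regional endpoint and version copied from the HTTP request line on this page.
BASE = "https://chronicle.africa-south1.rep.googleapis.com/v1alpha"
# Narrowest of the three scopes the page lists; sufficient for this GET.
READONLY_SCOPE = "https://www.googleapis.com/auth/chronicle.readonly"
# Assumption: parent is projects/{project}/locations/{location}/instances/{instance}.
# A strict allow-list keeps "../", "?" or "#" out of the request path.
_PARENT_RE = re.compile(
    r"projects/[A-Za-z0-9_-]+/locations/[A-Za-z0-9_-]+/instances/[A-Za-z0-9_-]+")
_FLAGS = ("isAttacker", "isSuspicious", "isPivot")

def build_request_url(parent: str, siem_alert_id: str) -> str:
    """Build the fetchAlertData URL; validate parent, percent-encode the alert id."""
    if not _PARENT_RE.fullmatch(parent):
        raise ValueError("parent is not a well-formed instance resource name")
    if not siem_alert_id:
        raise ValueError("siemAlertId is required")
    query = urlencode({"siemAlertId": siem_alert_id})
    return f"{BASE}/{parent}/enrichmentAgent:fetchAlertData?{query}"

def triage_entities(response_body: str) -> list:
    """Return flagged entities from a response body, attackers listed first."""
    data = json.loads(response_body)
    flagged = []
    for entity in data.get("entities", []):  # an empty list may be omitted
        flags = [name for name in _FLAGS if entity.get(name) is True]
        if flags:
            flagged.append({"entityId": entity.get("entityId"),
                            "entityType": entity.get("entityType"),
                            "flags": flags})
    # Stable sort: attackers first, response order otherwise preserved.
    return sorted(flagged, key=lambda e: "isAttacker" not in e["flags"])

# Constructed sample response (not real data); entityType values are made up.
SAMPLE_RESPONSE = json.dumps({
    "parent": "projects/p1/locations/africa-south1/instances/i1",
    "entities": [
        {"entityType": "USER", "entityId": "j.doe", "isSuspicious": True},
        {"entityType": "HOST", "entityId": "ws-042", "isSuspicious": False},
        {"entityType": "ADDRESS", "entityId": "198.51.100.7",
         "isSuspicious": True, "isAttacker": True, "isPivot": False},
    ],
})

if __name__ == "__main__":
    print(build_request_url("projects/p1/locations/africa-south1/instances/i1", "alert-123"))
    for row in triage_entities(SAMPLE_RESPONSE):
        print(row)
```

Request the token with `READONLY_SCOPE` only, since the method is a GET with an empty body and needs no write access.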
MinimalInvolvedThreatIndicator
Minimal information about a threat indicator.
| JSON representation |
|---|
| { "ruleGenerator": string, "product": string, "displayName": string, "vendor": string, "sourceSystemName": string, "originalName": string, "sourceSystemUrl": string, "sourceRuleIdentifier": string } |

| Fields | |
|---|---|
| ruleGenerator | The rule generator. |
| product | The product. |
| displayName | The display name. |
| vendor | The vendor. |
| sourceSystemName | The source system name. |
| originalName | The original name. |
| sourceSystemUrl | The source system URL. |
| sourceRuleIdentifier | The source rule identifier. |
MinimalInvolvedEntity
Minimal information about an entity.
| JSON representation |
|---|
| { "entityType": string, "entityId": string, "isSuspicious": boolean, "threatSource": string, "operationSystem": string, "networkName": string, "networkPriority": integer, "isAttacker": boolean, "isPivot": boolean, "additionalProperties": { string: string, ... }, "sourceSystemUrl": string } |

| Fields | |
|---|---|
| entityType | The entity type. |
| entityId | The entity identifier. |
| isSuspicious | Whether the entity is suspicious. |
| threatSource | The threat source. |
| operationSystem | The operation system. |
| networkName | The network name. |
| networkPriority | The network priority. |
| isAttacker | Whether the entity is an attacker. |
| isPivot | Whether the entity is a pivot. |
| additionalProperties | Additional properties. An object containing a list of |
| sourceSystemUrl | The source system URL. |
MinimalInvolvedMappedEvent
Minimal information about a mapped event.
| JSON representation |
|---|
| { "product": string, "sourceSystemName": string, "rawFields": [ { object ( |

| Fields | |
|---|---|
| product | The product. |
| sourceSystemName | The source system name. |
| rawFields[] | The raw fields. |
AgentPropertyValue
A property value.
| JSON representation |
|---|
| { "key": string, "value": string } |

| Fields | |
|---|---|
| key | The key. |
| value | The value. |