Method: investigations.fetchAssociated

Full name: projects.locations.instances.investigations.fetchAssociated

investigations.fetchAssociated is used to fetch all the associated resources for each of the given alerts/cases.

HTTP request

GET https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/investigations:fetchAssociated

Path parameters

Parameters
parent

string

Required. The parent, which owns the provided alerts or cases. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
detectionType

enum (DetectionType)

Required. The type of the identifiers provided. This is used to determine which of the alertIds and caseIds fields is populated.

alertIds[]

string

Optional. The alertIds for which the associated details need to be fetched. The maximum number of alertIds that can be provided is 100.

caseIds[]

string

Optional. The caseIds for which the associated details need to be fetched. The maximum number of caseIds that can be provided is 100.

associationLimitPerDetection

integer

Optional. The maximum number of associations to return per detection. If not specified, at most 1 association will be returned. The maximum value is 5; values above 5 will be coerced to 5.

orderBy

string

Optional. Configures ordering of associations in the response. If not specified, associations are returned in descending order of their create time. The orderBy string is a comma-separated list of fields. Supported fields:

  • createTime, createTime desc
  • updateTime, updateTime desc

Request body

The request body must be empty.

Response body

Response message for investigations.fetchAssociated method.

If successful, the response body contains data with the following structure:

JSON representation
{
  "associationsList": {
    string: {
      object (InvestigationAssociationList)
    },
    ...
  },
  "experimentalAlert": {
    string: boolean,
    ...
  }
}
Fields
associationsList

map (key: string, value: object (InvestigationAssociationList))

A map from the requested alertId or caseId to the list of associations.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

experimentalAlert

map (key: string, value: boolean)

A map from the requested alertId or caseId to a boolean indicating whether the alert is experimental (not supported for investigation).

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.
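The following is an added example, not code from the API reference or the Chronicle client libraries. It builds the fetchAssociated GET URL from the documented query parameters (enforcing the 100-id and 5-association limits the reference states) and reads a constructed response in the documented shape; the repeated-key encoding for alertIds/caseIds, and the "id" field inside the sample Investigation objects, are assumptions, and no request is actually sent.

```python
from urllib.parse import urlencode

BASE_URL = "https://chronicle.africa-south1.rep.googleapis.com/v1alpha"
MAX_IDS = 100           # documented cap on alertIds[] / caseIds[]
MAX_ASSOCIATIONS = 5    # documented cap; larger values are coerced to 5


def build_fetch_associated_url(parent, detection_type, ids,
                               association_limit=1, order_by=None):
    """Return the GET URL for {parent}/investigations:fetchAssociated.

    detectionType decides which repeated id field is sent; the reference
    says only one of alertIds[] / caseIds[] is populated.
    """
    if detection_type not in ("DETECTION_TYPE_ALERT", "DETECTION_TYPE_CASE"):
        raise ValueError("detectionType must be DETECTION_TYPE_ALERT or _CASE")
    if not 1 <= len(ids) <= MAX_IDS:
        raise ValueError(f"between 1 and {MAX_IDS} ids may be provided")
    id_field = "alertIds" if detection_type == "DETECTION_TYPE_ALERT" else "caseIds"
    params = [("detectionType", detection_type)]
    # Assumption: repeated fields are sent as a repeated query key.
    params += [(id_field, i) for i in ids]
    # Mirror the documented server-side coercion so callers see the real limit.
    params.append(("associationLimitPerDetection",
                   min(association_limit, MAX_ASSOCIATIONS)))
    if order_by:
        params.append(("orderBy", order_by))
    return f"{BASE_URL}/{parent}/investigations:fetchAssociated?{urlencode(params)}"


def summarize_associations(response):
    """Map each requested id to its Investigation objects, or None when the
    experimentalAlert map flags it as not supported for investigation."""
    experimental = response.get("experimentalAlert", {})
    result = {}
    for det_id, assoc_list in response.get("associationsList", {}).items():
        if experimental.get(det_id):
            result[det_id] = None
            continue
        result[det_id] = [a.get("investigation", {})
                          for a in assoc_list.get("investigationAssociations", [])]
    return result


SAMPLE_RESPONSE = {  # constructed sample in the documented response shape
    "associationsList": {
        "alert-1": {"investigationAssociations": [
            {"notebook": {}, "investigation": {"id": "inv-a"}},   # "id" assumed
            {"notebook": {}, "investigation": {"id": "inv-b"}}]},
        "alert-2": {"investigationAssociations": []},
    },
    "experimentalAlert": {"alert-1": False, "alert-2": True},
}
```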

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.investigations.fetchAssociated

For more information, see the IAM documentation.

DetectionType

Detection type of the identifier provided.

Enums
DETECTION_TYPE_UNSPECIFIED Unspecified detection type.
DETECTION_TYPE_ALERT Alert detection type.
DETECTION_TYPE_CASE Case detection type.

InvestigationAssociationList

Contains the list of associated investigation details for a single alert or case.

JSON representation
{
  "investigationAssociations": [
    {
      object (InvestigationAssociation)
    }
  ]
}
Fields
investigationAssociations[]

object (InvestigationAssociation)

The list of investigation association details.

InvestigationAssociation

The investigation association details for a single alert or case.

JSON representation
{
  "notebook": {
    object (Notebook)
  },
  "investigation": {
    object (Investigation)
  }
}
Fields
notebook

object (Notebook)

Output only. The notebook associated with the provided detection ID.

investigation

object (Investigation)

Output only. The investigation run for the provided detection ID. Investigation steps taken by Gemini are also included in the investigation.