Method: legacyCases.createSimulatedCustomCase

Full name: projects.locations.instances.legacyCases.createSimulatedCustomCase

Creates a custom (simulated) case.

HTTP request


POST https://chronicle.us.rep.googleapis.com/v1alpha/{name}/legacyCases:createSimulatedCustomCase

Path parameters

Parameters
name

string

Required. The resource name of the LegacyCase to retrieve. Format: projects/{project}/locations/{location}/instances/{instance}/LegacyCases

Request body

The request body contains data with the following structure:

JSON representation 
{
  "alertSource": string,
  "ruleName": string,
  "alertProduct": string,
  "alertName": string,
  "eventName": string,
  "additionalAlertFields": [
    {
      object (CustomSimulatedCaseKeyValue)
    }
  ],
  "additionalEventFields": [
    {
      object (CustomSimulatedCaseKeyValue)
    }
  ]
}
Fields
alertSource

string

Required. AlertSource is the source of the alert.
ruleName

string

Required. RuleName is the name of the rule that triggered the alert.
alertProduct

string

Required. AlertProduct is the product that generated the alert.
alertName

string

Required. AlertName is the name of the alert.
eventName

string

Required. EventName is the name of the event.
additionalAlertFields[]

object (CustomSimulatedCaseKeyValue)

Required. AdditionalAlertFields are additional fields for the alert.
additionalEventFields[]

object (CustomSimulatedCaseKeyValue)

Required. AdditionalEventFields are additional fields for the event.

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • chronicle.legacyCases.simulate

For more information, see the IAM documentation.