Full name: projects.locations.instances.legacyCases.simulateAlert
Simulates a specific alert within a case, optionally replacing fields or performing grouping. The simulated alert is ingested and indexed, appearing as a test case in the queue. The simulated alert can later be used to test playbook simulations and IDE actions.
HTTP request
POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{name}/legacyCases:simulateAlert
Path parameters
| Parameters | |
|---|---|
| name | Required. The resource name of the LegacyCase to retrieve. Format: projects/{project}/locations/{location}/instances/{instance}/LegacyCases |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
| { "caseId": string, "alertIdentifier": string, "environment": string, "fieldsToReplace": { string: string, ... }, "shouldDoGrouping": boolean } |
| Fields | |
|---|---|
| caseId | Required. CaseId is the unique identifier of the case. |
| alertIdentifier | Required. AlertIdentifier is the identifier of the alert. |
| environment | Optional. Environment is the environment for the simulation. |
| fieldsToReplace | Optional. FieldsToReplace is a map of fields to replace. An object containing a list of |
| shouldDoGrouping | Optional. ShouldDoGrouping indicates whether grouping should be performed. |
Response body
If successful, the response body is an empty JSON object.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/chronicle
https://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name resource:
chronicle.legacyCases.ingestAlertTestCase
For more information, see the IAM documentation.
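The request described above can be assembled and checked before it is sent, as in this added Python example (not code from the API documentation). The function name, the character set allowed in each segment of `name`, and all sample values are assumptions; `name` is substituted into the URL template exactly as given, and sending the request with an OAuth token is left to the caller.

```python
import json
import re

# URL template copied from the page's "HTTP request" section.
URL_TEMPLATE = ("https://chronicle.africa-south1.rep.googleapis.com"
                "/v1alpha/{name}/legacyCases:simulateAlert")

# Assumption: each path segment of `name` is limited to these characters, so a
# caller-supplied value cannot add "?", "#", "%" or ".." to the request path.
_SEGMENT = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def build_simulate_alert_request(name, case_id, alert_identifier,
                                 environment=None, fields_to_replace=None,
                                 should_do_grouping=None):
    """Return (method, url, body_json) for legacyCases:simulateAlert."""
    segments = name.split("/") if isinstance(name, str) else []
    if segments[:1] != ["projects"] or not all(
            _SEGMENT.fullmatch(s) and ".." not in s for s in segments):
        raise ValueError("name is not a plain resource path: %r" % (name,))
    for label, value in (("caseId", case_id), ("alertIdentifier", alert_identifier)):
        if not isinstance(value, str) or not value:
            raise ValueError("%s is required and must be a non-empty string" % label)
    body = {"caseId": case_id, "alertIdentifier": alert_identifier}
    if environment is not None:
        body["environment"] = environment
    if fields_to_replace is not None:
        # The page types this field as a map of string to string.
        if not all(isinstance(k, str) and isinstance(v, str)
                   for k, v in fields_to_replace.items()):
            raise ValueError("fieldsToReplace keys and values must be strings")
        body["fieldsToReplace"] = dict(fields_to_replace)
    if should_do_grouping is not None:
        if not isinstance(should_do_grouping, bool):
            raise ValueError("shouldDoGrouping must be a boolean")
        body["shouldDoGrouping"] = should_do_grouping
    return "POST", URL_TEMPLATE.format(name=name), json.dumps(body, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample values; none of them come from a real tenant.
    print(build_simulate_alert_request(
        "projects/example-project/locations/africa-south1/instances/example-instance/LegacyCases",
        "1234", "constructed-alert-id", fields_to_replace={"severity": "low"}))
```

Optional fields left as `None` are omitted from the body rather than sent as null.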