Method: legacyFederatedCases.legacyListFederatedCases

Full name: projects.locations.instances.legacyFederatedCases.legacyListFederatedCases

Lists all cases available in the federated store across all synchronized platforms. Use this method to browse and filter the consolidated library of security cases managed by the primary instance.

HTTP request


POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/legacyFederatedCases:legacyListFederatedCases

Path parameters

Parameters
parent

string

Required. The parent, which owns this collection of LegacyFederatedCases.

Request body

The request body contains data with the following structure:

JSON representation 
{
  "pageSize": integer,
  "pageToken": string,
  "filterOperator": enum (LogicalOperatorEnum),
  "filters": [
    {
      object (CaseQueueCriteria)
    }
  ],
  "startTimeMs": string,
  "endTimeMs": string,
  "statuses": [
    enum (CaseDataStatus)
  ],
  "timeRangeFilter": enum (SearchTimeRangeType),
  "sortBy": [
    enum (SortTypeEnum)
  ],
  "isVisibleInQueue": boolean,
  "caseModificationFilter": {
    object (CaseModificationFilter)
  },
  "searchTerm": string
}
Fields
pageSize

integer

Optional. The maximum number of cases to return. The service may return fewer than this value. If unspecified, at most 100 cases will be returned. The maximum value is 1000; values above 1000 will be coerced to 1000.
pageToken

string

Optional. A page token, received from a previous legacyFederatedCases.legacyListFederatedCases call. Provide this to retrieve the subsequent page.

When paginating, all other parameters provided to legacyFederatedCases.legacyListFederatedCases must match the call that provided the page token.
filterOperator

enum (LogicalOperatorEnum)

Optional. The logical operator.
filters[]

object (CaseQueueCriteria)

Optional. The filters to apply to the list of cases.
startTimeMs

string (int64 format)

Optional. The start time of the time range filter.
endTimeMs

string (int64 format)

Optional. The end time of the time range filter.
statuses[]

enum (CaseDataStatus)

Optional. The statuses of the cases to return.
timeRangeFilter

enum (SearchTimeRangeType)

Optional. The time range filter to apply to the list of cases.
sortBy[]

enum (SortTypeEnum)

Optional. The sort type to apply to the list of cases.
isVisibleInQueue

boolean

Optional. Whether to include cases that are visible in the queue.
caseModificationFilter

object (CaseModificationFilter)

Optional. The case modification filter to apply to the list of cases.
searchTerm

string

Optional. The search term to apply to the list of cases.

Response body

Response message for legacyFederatedCases.legacyListFederatedCases.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "legacyFederatedCases": [
    {
      object (LegacyFederatedCase)
    }
  ],
  "totalSize": integer,
  "nextPageToken": string
}
Fields
legacyFederatedCases[]

object (LegacyFederatedCase)

Required. page of requested cases
totalSize

integer

Required. The total number of cases that match the request.
nextPageToken

string

Optional. A token, which can be sent as pageToken to retrieve the next page. If this field is omitted, there are no subsequent pages.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.legacyFederatedCases.get

For more information, see the IAM documentation.

LogicalOperatorEnum

The logical operator.

Enums
LOGICAL_OPERATOR_UNSPECIFIED The logical operator is unspecified.
AND The logical operator is and.
OR The logical operator is or.

CaseDataStatus

Defines the possible states of a case.

Enums
CASE_DATA_STATUS_UNSPECIFIED The case data status is unspecified.
OPENED The case is opened.
CLOSED The case is closed.
ALL Any case.
MERGED The case is merged.
CREATION_PENDING The case is pending creation.

SearchTimeRangeType

Enum representing predefined time range filters.

Enums
CUSTOM The search time range type is unspecified.
LAST_DAY The search time range type is last day.
LAST_2_DAYS The search time range type is last 2 days.
LAST_3_DAYS The search time range type is last 3 days.
LAST_4_DAYS The search time range type is last 4 days.
LAST_WEEK The search time range type is last week.
LAST_2_WEEKS The search time range type is last 2 weeks.
LAST_MONTH The search time range type is last month.
LAST_3_MONTHS The search time range type is last 3 months.
LAST_6_MONTHS The search time range type is last 6 months.
LAST_YEAR The search time range type is last year.
LAST_13_MONTHS The search time range type is last 13 months.

CaseModificationFilter

Message definition for CaseModificationFilter

JSON representation 
{
  "modifiedSince": string,
  "lastCaseId": string
}
Fields
modifiedSince

string (int64 format)

Optional. The time since the last case modification in ms.
lastCaseId

string (int64 format)

Optional. The last case id.

SortTypeEnum

Defines the various ways to sort items.

Enums
CREATION_TIME_DESCENDING Sort by creation time, newest first.
CREATION_TIME_ASCENDING Sort by creation time, oldest first.
MODIFICATION_TIME_DESCENDING Sort by modification time, newest first.
MODIFICATION_TIME_ASCENDING Sort by modification time, oldest first.
PRIORITY_DESCENDING Sort by priority, highest first.
PRIORITY_ASCENDING Sort by priority, lowest first.
ID_DESCENDING Sort by ID, highest first.
ID_ASCENDING Sort by ID, lowest first.
SLA_DESCENDING Sort by SLA, most urgent (closest to breach or breached) first.
SLA_ASCENDING Sort by SLA, least urgent (furthest from breach) first.
STAGE_SLA_DESCENDING Sort by stage SLA, most urgent (closest to breach or breached) first.
STAGE_SLA_ASCENDING Sort by stage SLA, least urgent (furthest from breach) first.
SCORE_DESCENDING Sort by score, highest first.
SCORE_ASCENDING Sort by score, lowest first.
PLATFORM_DESCENDING Sort by platform, descending order (e.g., Z-A).
PLATFORM_ASCENDING Sort by platform, ascending order (e.g., A-Z).