Full name: projects.locations.instances.legacyPlaybooks.legacyAiGenerateByAlert
Generates a tailored playbook definition designed to respond to a specific security alert. Use this method to create automated investigation and remediation logic that is contextually relevant to a detected threat.
HTTP request
POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{instance}/legacyPlaybooks:legacyAiGenerateByAlert
Path parameters
| Parameters | |
|---|---|
| instance | Required. The instance to generate the playbook for. Format: projects/{project}/locations/{location}/instances/{instance} |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
| { "caseId": string, "alertId": string, "hashedUserId": string, "forceRefreshData": boolean, "isFirstRequest": boolean } |
| Fields | |
|---|---|
| caseId | Required. The case ID to which the alert belongs. |
| alertId | Required. The alert identifier. |
| hashedUserId | Optional. A hashed identifier of the user initiating the playbook generation request. |
| forceRefreshData | Optional. Indicates whether to force refresh of contextual data prior to generation. |
| isFirstRequest | Optional. Indicates whether this is the first request in the playbook generation flow. |
Response body
If successful, the response body contains an instance of LegacyPlaybookAiGenerationByAlertResult.
Authorization scopes
Requires one of the following OAuth scopes:
- https://www.googleapis.com/auth/cloud-platform
- https://www.googleapis.com/auth/chronicle
- https://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the instance resource:
chronicle.legacyPlaybooks.update
For more information, see the IAM documentation.
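Example
The following is an added example, not part of the original reference or Google's client code: a Python helper that assembles the request described on this page without sending it, rejecting a malformed instance path and mistyped or unknown body fields before a bearer token is attached. The function name, the character class allowed in each path segment, and the sample values are assumptions.

```python
import json
import re
import urllib.request

# Regional endpoint and method suffix exactly as shown on this page.
BASE = "https://chronicle.africa-south1.rep.googleapis.com/v1alpha"
METHOD = "legacyPlaybooks:legacyAiGenerateByAlert"
# Path parameter format from the page. The character class per segment is an
# assumption, chosen so "/", "?", "#" and ".." cannot alter the request path.
INSTANCE_RE = re.compile(
    r"projects/[A-Za-z0-9_-]+/locations/[A-Za-z0-9_-]+/instances/[A-Za-z0-9_-]+"
)
OPTIONAL_TYPES = {"hashedUserId": str, "forceRefreshData": bool, "isFirstRequest": bool}


def build_request(instance, case_id, alert_id, access_token, **optional):
    """Return an unsent urllib Request for legacyAiGenerateByAlert."""
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError("instance must be projects/*/locations/*/instances/*")
    for name, value in (("caseId", case_id), ("alertId", alert_id)):
        if not isinstance(value, str) or not value:
            raise ValueError(f"{name} is required and must be a non-empty string")
    body = {"caseId": case_id, "alertId": alert_id}
    for name, value in optional.items():
        expected = OPTIONAL_TYPES.get(name)
        if expected is None:
            raise ValueError(f"unknown field: {name}")
        if not isinstance(value, expected):
            raise ValueError(f"{name} must be {expected.__name__}")
        body[name] = value
    return urllib.request.Request(
        f"{BASE}/{instance}/{METHOD}",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Authorization": f"Bearer {access_token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_request(
        "projects/example-project/locations/africa-south1/instances/example-instance",
        case_id="1234", alert_id="constructed-alert-id",
        access_token="PLACEHOLDER_TOKEN", forceRefreshData=True,
    )
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

The returned object can be passed to `urllib.request.urlopen` once a token for one of the listed scopes is supplied and the caller holds chronicle.legacyPlaybooks.update on the instance.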