Method: legacySearches.download

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
CasePriority
CloseReasonEnum
SearchTimeRangeType
SortBy
- JSON representation
SortOrder
SearchEverythingCaseProperty
Paging
- JSON representation
Try it!

Full name: projects.locations.instances.legacySearches.download

legacySearches.download to get search results as csv.

HTTP request

Choose a location:

GET https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{name}/legacySearches:legacyGetSearchResultsAsCsv

Path parameters

Parameters

Parameters
`name`	`string` Required. The name to get the search results for. Format: projects/{project}/locations/{location}/instances/{instance}

name

string

Required. The name to get the search results for. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
`startTime`	`string (Timestamp format)` Optional. Defines the UTC start time to search for cases by Creation time (optional - used if TimeRangeFilter is set to Custom filter). The Localization (timezone) settings are taken into consideration (default is the start of epoch time). Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`endTime`	`string (Timestamp format)` Optional. Defines the UTC end time to search for cases by Creation time (optional - used if TimeRangeFilter is set to Custom filter). The Localization (timezone) settings are taken into consideration (default is current time). Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`tags[]`	`string` Optional. List of strings representing case tags. If one or more tags exist in the case, it will be fetched.
`caseSource[]`	`string` Optional. List of strings representing case sources. Available inputs: System / Manual / Test.
`priorities[]`	`enum (CasePriority)` Optional. List of strings representing case priority
`importance[]`	`string` Optional. List of strings representing the case importance (i.e. marked as "is important"). ex. ["True"] will return only cases that were marked as important. ex. ["True","False] Will return only cases marked as important and all cases not marked as important (all). Available inputs: True / False.
`incident[]`	`string` Optional. List of strings representing cases marked as incidents. ex. ["True"] will return only cases that were marked as an incident. ex. ["True","False"] Will return all cases marked as an incident and all cases not marked as an incident (all). Available inputs: True / False.
`environments[]`	`string` Optional. List of strings representing the environments that the case is associated with. If the case matches at least one environment it will be fetched.
`assignedUsers[]`	`string` Optional. A list of strings that represents the Users (analysts) / Roles that are assigned to the case. If the case matches at least one User or Role it will be fetched. Available inputs: Username (GUID) / @Role name.
`externalAlertId`	`string` Optional. Represents the 'TicketId' mapped from the original SIEM's alert ID
`products[]`	`string` Optional. list of strings that represent the Products that exists in the case. If the case matches at least one Product it will be fetched.
`ports[]`	`string` Optional. List of strings that represent the ports that exist in the case. If the case matches at least one Port it will be fetched.
`stage[]`	`string` Optional. List of strings that represents the Stages that case is on. If the case matches at least one Stage it will be fetched. Available inputs: Triage / Assessment / Investigation / Incident / Improvement / Research.
`ruleGenerator[]`	`string` Optional. List of strings that represents the Rule Generator (Alert Type in the Platform) that exist in the case. If the case matches at least one Rule Generator it will be fetched.
`categoryOutcomes[]`	`string` Optional. List of strings that represents whether to fetch cases that contain a specific value in CategoryOutcome. Available inputs: Allowed / Blocked / [] (empty).
`involvedEntity`	`string` Optional. A string that represents an entity to search for in cases
`caseComment`	`string` Optional. A string that represents a part of the body of a case comment to search for in cases
`title`	`string` Optional. A string that represents free text / search term to search for cases. Free text will look for the case's name. Available inputs: free text / Entity: / AlertName: / DestinationEntity: / SourceEntity: / TicketIds: / CaseIDs:
`closeReason`	`enum (CloseReasonEnum)` Optional. An integer field that represents the Reason the case was closed and fetches cases that match the value
`timeRangeFilter`	`enum (SearchTimeRangeType)` Optional. A SearchTimeRangeType (integer) field that represents the number of days back to search cases by creation. time (for custom time range, use 0 and set the StartTime and EndTime parameters).
`sortBy`	`object (SortBy)` Optional. The sort by property and order.
`paging`	`object (Paging)`
`requestedPage`	`integer` Optional. The requested page.
`pageSize`	`integer` Optional. Number of entries to return.
`searchTerm`	`string` Optional. Search term.
`isCaseClosed`	`boolean` Optional. A boolean field that represents whether to filter by the case status (is closed or not). Available inputs: true / false / null.

Request body

The request body must be empty.

Response body

Response for legacySearches.download.

If successful, the response body contains data with the following structure:

JSON representation
{ "media": { object (`Media`) } }

Fields

Fields
`media`	`object (Media)` Zipped file with the integration content. Includes the following folders: Actions, Connectors, Jobs, Managers, Dependencies Each folder includes json files and a python file for the script. Includes integration definition json file. Includes metadata.json file Information representing the imported data

media

object (Media)

Zipped file with the integration content. Includes the following folders: Actions, Connectors, Jobs, Managers, Dependencies Each folder includes json files and a python file for the script. Includes integration definition json file. Includes metadata.json file Information representing the imported data

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

chronicle.legacySearches.searchCases

For more information, see the IAM documentation.

CasePriority

Enum that represents the case priority

Enums
`UNCHANGED`	Unspecified case priority.
`INFORMATIVE`	Informative case priority.
`LOW`	Low case priority.
`MEDIUM`	Medium case priority.
`HIGH`	High case priority.
`CRITICAL`	Critical case priority.

CloseReasonEnum

Enum that represents the case close reason

Enums
`MALICIOUS`	Malicious close reason.
`NOT_MALICIOUS`	Not malicious close reason.
`MAINTENANCE`	Maintenance close reason.
`INCONCLUSIVE`	Inconclusive close reason.
`UNKNOWN`	Unknown close reason.

SearchTimeRangeType

LINT: LEGACY_NAMES Enum that represents the search time range type

Enums
`CUSTOM`	Custom search time range type.
`LAST_DAY`	Last day search time range type.
`LAST_2_DAYS`	Last 2 days search time range type.
`LAST_3_DAYS`	Last 3 days search time range type.
`LAST_4_DAYS`	Last 4 days search time range type.
`LAST_WEEK`	Last week search time range type.
`LAST_2_WEEKS`	Last 2 weeks search time range type.
`LAST_MONTH`	Last month search time range type.
`LAST_3_MONTHS`	Last 3 months search time range type.
`LAST_6_MONTHS`	Last 6 months search time range type.
`LAST_YEAR`	Last year search time range type.
`LAST_13_MONTHS`	Last 13 months search time range type.

SortBy

Message that represents the order by.

JSON representation
{ "sortOrder": enum (`SortOrder`), "sortBy": enum (`SearchEverythingCaseProperty`) }

Fields

Fields
`sortOrder`	`enum (SortOrder)` Optional. The sort order.
`sortBy`	`enum (SearchEverythingCaseProperty)` Optional. The sort by property.

sortOrder

enum (SortOrder)

Optional. The sort order.

sortBy

enum (SearchEverythingCaseProperty)

Optional. The sort by property.

SortOrder

Enum that represents the sort order.

Enums
`ASC`	Ascending sort order.
`DESC`	Descending sort order.

SearchEverythingCaseProperty

Enum that represents the properties that can be used to sort the cases.

Enums
`ID`	Id search everything case property.
`TITLE`	Title search everything case property.
`TIME`	Time search everything case property.
`USER_ASSIGNED`	UserAssigned search everything case property.
`IS_IMPORTANT`	IsImportant search everything case property.
`IS_INCIDENT`	IsIncident search everything case property.
`INVOLVED_SUSPICIOUS_ENTITY`	InvolvedSuspiciousEntity search everything case property.
`IS_CASE_CLOSED`	IsCaseClosed search everything case property.
`ENVIRONMENT`	Environment search everything case property.
`PRIORITY`	Priority search everything case property.
`STAGE`	Stage search everything case property.

Paging

JSON representation
{ "requestedPage": integer, "pageSize": integer }

Fields

Fields
`requestedPage`	`integer` Optional. The requested page.
`pageSize`	`integer` Optional. Number of entries to return.

requestedPage

integer

Optional. The requested page.

pageSize

integer

Optional. Number of entries to return.

Method: legacySearches.download Stay organized with collections Save and categorize content based on your preferences.

HTTP request

Path parameters

Query parameters

Request body

Response body

Authorization scopes

IAM Permissions

CasePriority

CloseReasonEnum

SearchTimeRangeType

SortBy

SortOrder

SearchEverythingCaseProperty

Paging

Method: legacySearches.download