Method: legacySearches.legacyCaseSearchEverythingByIds

Full name: projects.locations.instances.legacySearches.legacyCaseSearchEverythingByIds

Call legacySearches.legacyCaseSearchEverythingByIds to get search results for cases by IDs.

HTTP request

POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{instance}/legacySearches:legacyCaseSearchEverythingByIds

Path parameters

Parameters
instance

string

Required. The instance to get the search results for. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "startTime": string,
  "endTime": string,
  "tags": [
    string
  ],
  "caseSource": [
    string
  ],
  "priorities": [
    enum (CasePriority)
  ],
  "importance": [
    string
  ],
  "incident": [
    string
  ],
  "environments": [
    string
  ],
  "assignedUsers": [
    string
  ],
  "externalAlertId": string,
  "products": [
    string
  ],
  "ports": [
    string
  ],
  "stage": [
    string
  ],
  "ruleGenerator": [
    string
  ],
  "categoryOutcomes": [
    string
  ],
  "involvedEntity": string,
  "caseComment": string,
  "title": string,
  "closeReason": enum (CloseReasonEnum),
  "timeRangeFilter": enum (SearchTimeRangeType),
  "sortBy": {
    object (SortBy)
  },
  "paging": {
    object (Paging)
  },
  "requestedPage": integer,
  "pageSize": integer,
  "searchTerm": string,
  "isCaseClosed": boolean
}
Fields
startTime

string (Timestamp format)

Optional. Defines the UTC start time to search for cases by Creation time (optional - used if TimeRangeFilter is set to Custom filter). The Localization (timezone) settings are taken into consideration (default is the start of epoch time).

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

endTime

string (Timestamp format)

Optional. Defines the UTC end time to search for cases by Creation time (optional - used if TimeRangeFilter is set to Custom filter). The Localization (timezone) settings are taken into consideration (default is current time).

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

tags[]

string

Optional. List of strings representing case tags. If one or more tags exist in the case, it will be fetched.

caseSource[]

string

Optional. List of strings representing case sources. Available inputs: System / Manual / Test.

priorities[]

enum (CasePriority)

Optional. List of strings representing case priority.

importance[]

string

Optional. List of strings representing the case importance (i.e. marked as "is important"). For example, ["True"] will return only cases that were marked as important; ["True","False"] will return both cases marked as important and cases not marked as important (all). Available inputs: True / False.

incident[]

string

Optional. List of strings representing cases marked as incidents. For example, ["True"] will return only cases that were marked as an incident; ["True","False"] will return both cases marked as an incident and cases not marked as an incident (all). Available inputs: True / False.

environments[]

string

Optional. List of strings representing the environments that the case is associated with. If the case matches at least one environment it will be fetched.

assignedUsers[]

string

Optional. A list of strings that represents the Users (analysts) / Roles that are assigned to the case. If the case matches at least one User or Role it will be fetched. Available inputs: Username (GUID) / @Role name.

externalAlertId

string

Optional. Represents the 'TicketId' mapped from the original SIEM's alert ID.

products[]

string

Optional. List of strings that represent the Products that exist in the case. If the case matches at least one Product it will be fetched.

ports[]

string

Optional. List of strings that represent the ports that exist in the case. If the case matches at least one Port it will be fetched.

stage[]

string

Optional. List of strings that represent the Stages that the case is in. If the case matches at least one Stage it will be fetched. Available inputs: Triage / Assessment / Investigation / Incident / Improvement / Research.

ruleGenerator[]

string

Optional. List of strings that represent the Rule Generators (Alert Type in the Platform) that exist in the case. If the case matches at least one Rule Generator it will be fetched.

categoryOutcomes[]

string

Optional. List of strings that selects cases containing a specific value in CategoryOutcome. Available inputs: Allowed / Blocked / [] (empty).

involvedEntity

string

Optional. A string that represents an entity to search for in cases.

caseComment

string

Optional. A string that represents a part of the body of a case comment to search for in cases.

title

string

Optional. A string that represents free text / a search term to search for cases. Free text is matched against the case's name. Available inputs: free text / Entity: / AlertName: / DestinationEntity: / SourceEntity: / TicketIds: / CaseIDs:

closeReason

enum (CloseReasonEnum)

Optional. An integer field that represents the Reason the case was closed; fetches cases that match the value.

timeRangeFilter

enum (SearchTimeRangeType)

Optional. A SearchTimeRangeType (integer) field that represents the number of days back to search cases by creation time (for a custom time range, use 0 and set the StartTime and EndTime parameters).

sortBy

object (SortBy)

Optional. The sort by property and order.

paging

object (Paging)

requestedPage

integer

Optional. The requested page.

pageSize

integer

Optional. Number of entries to return.

searchTerm

string

Optional. Search term.

isCaseClosed

boolean

Optional. A boolean field that represents whether to filter by the case status (is closed or not). Available inputs: true / false / null.
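A worked example, added here and not part of Google's documentation or client libraries: a small Python script that composes the POST URL from an instance resource name, builds a request body from the fields above, checks the body against the "Available inputs" the field descriptions list before anything is sent, and posts it with a bearer token. The access token (assumed to have been obtained with the cloud-platform scope), the sample instance name and the sample time range are assumptions; the regional host is the one shown in the HTTP request section, and timeRangeFilter is passed through unchanged because the enum's member names are not listed on this page.

```python
"""Constructed example: build, validate and send a
legacySearches.legacyCaseSearchEverythingByIds request.

Added illustration, not Google's client code. Host, path format and the
"Available inputs" sets come from the reference page; the OAuth access
token (cloud-platform scope) is assumed to be obtained elsewhere.
"""
import json
import re
from datetime import datetime, timezone
from urllib import request

# Regional endpoint and method name exactly as shown in the HTTP request section.
ENDPOINT = "https://chronicle.africa-south1.rep.googleapis.com/v1alpha"
METHOD = "legacySearches:legacyCaseSearchEverythingByIds"

# Required format of the {instance} path parameter.
INSTANCE_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/instances/[^/]+$")

# "Available inputs" listed for the string-array filters in the field table.
ALLOWED_VALUES = {
    "caseSource": {"System", "Manual", "Test"},
    "importance": {"True", "False"},
    "incident": {"True", "False"},
    "stage": {"Triage", "Assessment", "Investigation", "Incident",
              "Improvement", "Research"},
    "categoryOutcomes": {"Allowed", "Blocked"},
}
LIST_FIELDS = {"tags", "caseSource", "priorities", "importance", "incident",
               "environments", "assignedUsers", "products", "ports", "stage",
               "ruleGenerator", "categoryOutcomes"}


def rfc3339_utc(ts: datetime) -> str:
    """Z-normalized RFC 3339 with no fractional digits, as the API emits."""
    if ts.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware")
    return ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def build_url(instance: str) -> str:
    """Compose the POST URL from the instance resource name."""
    if not INSTANCE_RE.match(instance):
        raise ValueError(f"expected projects/../locations/../instances/.., got {instance!r}")
    return f"{ENDPOINT}/{instance}/{METHOD}"


def validation_errors(body: dict) -> list:
    """Return the documented constraints the body violates (empty list = OK)."""
    problems = []
    for field in sorted(LIST_FIELDS.intersection(body)):
        if not isinstance(body[field], list):
            problems.append(f"{field} must be a JSON array")
            continue
        bad = set(body[field]) - ALLOWED_VALUES.get(field, set(body[field]))
        if bad:
            problems.append(f"{field}: unsupported value(s) {sorted(bad)}")
    if ("startTime" in body) != ("endTime" in body):
        problems.append("startTime and endTime must be given together")
    elif "startTime" in body and body["startTime"] >= body["endTime"]:
        # Both strings come from rfc3339_utc, so lexical order is time order.
        problems.append("startTime must precede endTime")
    if "isCaseClosed" in body and not isinstance(body["isCaseClosed"], bool):
        problems.append("isCaseClosed must be true or false")
    return problems


def build_body(start: datetime = None, end: datetime = None,
               time_range_filter: str = None, page_size: int = 50,
               requested_page: int = 0, **filters) -> dict:
    """Assemble the request body and refuse to build an invalid one."""
    body = dict(filters)
    if start is not None and end is not None:
        body["startTime"] = rfc3339_utc(start)
        body["endTime"] = rfc3339_utc(end)
    if time_range_filter is not None:
        # Custom start/end only apply when timeRangeFilter selects the custom
        # range; the enum's member names are not on this page, so the caller
        # supplies the value (assumption).
        body["timeRangeFilter"] = time_range_filter
    body["requestedPage"] = requested_page
    body["pageSize"] = page_size
    problems = validation_errors(body)
    if problems:
        raise ValueError("; ".join(problems))
    return body


def search_cases(instance: str, body: dict, access_token: str,
                 opener=request.urlopen) -> dict:
    """POST the body; returns the parsed LegacyCaseSearchEverythingResponse."""
    req = request.Request(
        build_url(instance), data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        return json.load(resp)


if __name__ == "__main__":
    # Assumed sample: last month's open System-sourced cases still in early stages.
    sample = build_body(
        start=datetime(2024, 1, 1, tzinfo=timezone.utc),
        end=datetime(2024, 1, 31, tzinfo=timezone.utc),
        caseSource=["System"], stage=["Triage", "Assessment"],
        importance=["True"], isCaseClosed=False, page_size=25)
    print(build_url("projects/my-project/locations/africa-south1/instances/my-instance"))
    print(json.dumps(sample, indent=2))
```

Validating locally before sending keeps malformed filters from reaching the service, and the opener argument lets the call be exercised against a stub in tests; in production you would pass a token obtained for the cloud-platform scope listed under Authorization scopes.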

Response body

If successful, the response body contains an instance of LegacyCaseSearchEverythingResponse.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.legacySearches.searchCases

For more information, see the IAM documentation.