Method: mappingRules.save

HTTP request
Path parameters
Request body
- JSON representation
Response body
Authorization scopes
IAM Permissions

Full name: projects.locations.instances.ontologyRecords.mappingRules.save

Saves a mapping rule configuration for a specific ontology record. This is used to persist new rules or updates to existing mapping logic.

HTTP request

Choose a location:

POST https://chronicle.africa-south1.rep.googleapis.com/v1alpha/{parent}/mappingRules:save

Path parameters

Parameters

Parameters
`parent`	`string` Required. The parent resource name. Format: projects/{project}/locations/{location}/instances/{instance}/ontologyRecords/{ontologyRecord}

parent

string

Required. The parent resource name. Format: projects/{project}/locations/{location}/instances/{instance}/ontologyRecords/{ontologyRecord}

Request body

The request body contains data with the following structure:

JSON representation

JSON representation
{ "securityEventFieldName": string, "transformationFunction": enum (`TransformationFunction`), "rawDataPrimaryFieldMatchTerm": string, "rawDataPrimaryFieldComparisonType": enum (`ComparisonType`), "enrichmentFields": [ string ], "isArtifact": boolean, "extractionFunction": enum (`ExtractionFunction`), "ontologyConfigurationLevel": enum (`OntologyConfigurationLevel`), "targetFieldType": enum (`TargetFieldType`), "transformationFunctionParam": string, "rawDataSecondaryFieldMatchTerm": string, "rawDataSecondaryFieldComparisonType": enum (`ComparisonType`), "rawDataThirdFieldMatchTerm": string, "rawDataThirdFieldComparisonType": enum (`ComparisonType`), "extractionFunctionParam": string, "eventName": string }

{
  "securityEventFieldName": string,
  "transformationFunction": enum (TransformationFunction),
  "rawDataPrimaryFieldMatchTerm": string,
  "rawDataPrimaryFieldComparisonType": enum (ComparisonType),
  "enrichmentFields": [
    string
  ],
  "isArtifact": boolean,
  "extractionFunction": enum (ExtractionFunction),
  "ontologyConfigurationLevel": enum (OntologyConfigurationLevel),
  "targetFieldType": enum (TargetFieldType),
  "transformationFunctionParam": string,
  "rawDataSecondaryFieldMatchTerm": string,
  "rawDataSecondaryFieldComparisonType": enum (ComparisonType),
  "rawDataThirdFieldMatchTerm": string,
  "rawDataThirdFieldComparisonType": enum (ComparisonType),
  "extractionFunctionParam": string,
  "eventName": string
}

Fields
`securityEventFieldName`	`string` Required. The name of the security event field.
`transformationFunction`	`enum (TransformationFunction)` Required. The transformation function to apply.
`rawDataPrimaryFieldMatchTerm`	`string` Required. The primary field match term in the raw data.
`rawDataPrimaryFieldComparisonType`	`enum (ComparisonType)` Required. The comparison type for the primary field.
`enrichmentFields[]`	`string` Optional. Enrichment fields (if any).
`isArtifact`	`boolean` Required. Indicates if this rule is for artifact extraction.
`extractionFunction`	`enum (ExtractionFunction)` Required. The extraction function to apply.
`ontologyConfigurationLevel`	`enum (OntologyConfigurationLevel)` Required. Ontology Configuration Level.
`targetFieldType`	`enum (TargetFieldType)` Required. Target Field Type.
`transformationFunctionParam`	`string` Optional. Parameters for the transformation function (if any).
`rawDataSecondaryFieldMatchTerm`	`string` Optional. The secondary field match term in the raw data (optional).
`rawDataSecondaryFieldComparisonType`	`enum (ComparisonType)` Optional. The comparison type for the secondary field.
`rawDataThirdFieldMatchTerm`	`string` Optional. The third field match term in the raw data (optional).
`rawDataThirdFieldComparisonType`	`enum (ComparisonType)` Optional. The comparison type for the third field.
`extractionFunctionParam`	`string` Optional. Extraction function parameters (if any).
`eventName`	`string` Optional. The event name of the ontology event.

Response body

If successful, the response body is an empty JSON object.

Authorization scopes

Requires one of the following OAuth scopes:

https://www.googleapis.com/auth/cloud-platform
https://www.googleapis.com/auth/chronicle
https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

chronicle.mappingRules.update

For more information, see the IAM documentation.

Method: mappingRules.save Stay organized with collections Save and categorize content based on your preferences.