REST Resource: projects.locations.instances.views

Resource: View

View - Chronicle View. Types of Views: general, case-specific

JSON representation 
{
  "name": string,
  "displayName": string,
  "identifier": string,
  "type": enum (ViewType),
  "widgets": [
    {
      object (TemplateWidgetDefinition)
    }
  ],
  "firstPlaybookRunTime": string
}
Fields
name

string

Identifier. The resource name of the view. Format: projects/{project}/locations/{location}/instances/{instance}/views/{view}
displayName

string

Output only. Defines the view display name.
identifier

string

Output only. The identifier of the view.
type

enum (ViewType)

Optional. Defines the view type.
widgets[]

object (TemplateWidgetDefinition)

Optional. Defines the widgets in the view.
firstPlaybookRunTime

string (int64 format)

Output only. If this view is associated with a playbook and an alert, this will be populated with the time the playbook was first run on the alert. Used to determine the order of views in the UI. NOTE: Uses Unix epoch time in milliseconds to match the SOAR return type.

ViewType

Defines the view type.

Enums
VIEW_TYPE_UNSPECIFIED Unspecified view type.
ALERT_OVERVIEW Alert overview view type.
CASE_OVERVIEW Case overview view type.

TemplateWidgetDefinition

TemplateWidgetDefinition - Chronicle soar Template Widget Definition.

JSON representation 
{
  "metadata": {
    object (TemplateWidgetMetadata)
  },
  "config": {
    object
  }
}
Fields
metadata

object (TemplateWidgetMetadata)

Required. Metadata of the template widget.
config

object (Struct format)

Optional. Config is the configuration of the widget as a JSON string.

TemplateWidgetMetadata

Metadata details of a template widget.

JSON representation 
{
  "identifier": string,
  "title": string,
  "description": string,
  "templateIdentifier": string,
  "predefinedWidgetTemplateIdentifier": string,
  "actionIdentifier": string,
  "stepIdentifier": string,
  "stepIntegration": string,
  "blockStepIdentifier": string,
  "blockStepInstanceName": string,
  "conditionsGroup": {
    object (WidgetConditionsGroup)
  },
  "integrationName": string,
  "id": string,
  "width": enum (WidgetTemplateGridColumnsEnum),
  "order": integer,
  "type": enum (ViewWidgetTemplateTypeEnum),
  "presentIfEmpty": boolean,
  "isSupported": boolean
}
Fields
identifier

string

Required. The identifier of the template widget.
title

string

Required. The title of the template widget.
description

string

Required. The description of the template widget.
templateIdentifier

string

Required. The identifier of the template widget.
predefinedWidgetTemplateIdentifier

string

Required. The identifier of the predefined template widget.
actionIdentifier

string

Required. The identifier of the action.
stepIdentifier

string

Required. The identifier of a playbook step.
stepIntegration

string

Required. The identifier of a playbook integration.
blockStepIdentifier

string

Required. The identifier of a playbook block step.
blockStepInstanceName

string

Required. The name of the block step instance.
conditionsGroup

object (WidgetConditionsGroup)

Required. The conditions group of the template widget.
integrationName

string

Required. The name of the integration.
id

string (int64 format)

Required. The id of the template widget.
width

enum (WidgetTemplateGridColumnsEnum)

Required. The width of the template widget.
order

integer

Required. The order of the template widget.
type

enum (ViewWidgetTemplateTypeEnum)

Required. The type of the template widget.
presentIfEmpty

boolean

Required. Whether the widget is present if empty.
isSupported

boolean

Optional. Whether the widget is supported.

WidgetTemplateGridColumnsEnum

Represents available widget sizes on a grid.

Enums
WIDGET_TEMPLATE_GRID_COLUMNS_ENUM_UNSPECIFIED Unspecified widget size.
HALF_WIDTH Half width widget size.
FULL_WIDTH Full width widget size.
ONE_THIRD_WIDTH One third width widget size.
TWO_THIRD_WIDTH Two third width widget size.

ViewWidgetTemplateTypeEnum

Type of widget content displayed.

Enums
WIDGET_TEMPLATE_TYPE_ENUM_UNSPECIFIED Unspecified widget type.
KEY_VALUE Key value widget type.
EVENTS Events widget type.
JSON_RESULTS JSON results widget type.
HTML HTML widget type.
WALL_ACTIVITIES Wall activities widget type.
ALERTS Alerts widget type.
TIMELINE Timeline widget type.
GRAPH Graph widget type.
TEXT Text widget type.
POTENTIALLY_GROUPED_ALERTS Potentially grouped alerts widget type.
ENTITIES_HIGHLIGHT Entities highlight widget type.
PENDING_STEPS Pending steps widget type.
CASE_RECOMMENDATIONS Case recommendations widget type.
STATISTICS Statistics widget type.
CASE_DESCRIPTION Case description widget type.
INSIGHT Insight widget type.
CASE_ASSISTANT Case assistant widget type.
CASE_APS_GRAPH Case APS graph widget type.
CASE_IMPACTED_RESOURCES Case impacted resources widget type.
FORM Form widget type.
QUICK_ACTIONS Quick actions widget type.s
SIEM_ALERTS Siem alerts widget type.
RULE_OVERVIEW Rule overview widget type.

WidgetConditionsGroup

Group of conditions used for filtering/presentation.

JSON representation 
{
  "conditions": [
    {
      object (WidgetCondition)
    }
  ],
  "logicalOperator": enum (ConditionsLogicalOperator)
}
Fields
conditions[]

object (WidgetCondition)

Optional. The conditions of the group.
logicalOperator

enum (ConditionsLogicalOperator)

Optional. The logical operator of the conditions group.

WidgetCondition

A single conditional rule applied to a widget.

JSON representation 
{
  "fieldName": string,
  "value": string,
  "matchType": enum (ViewConditionFieldOperator)
}
Fields
fieldName

string

Optional. The name of the field to match.
value

string

Optional. The value to match.
matchType

enum (ViewConditionFieldOperator)

The operator to use for matching the field.

ViewConditionFieldOperator

Supported match operations for a condition.

Enums
VIEW_CONDITION_FIELD_OPERATOR_UNSPECIFIED Unspecified condition field operator.
EQUAL Equals condition field operator.
CONTAINS Contains condition field operator.
STARTS_WITH Starts with condition field operator.
GREATER_THAN Greater than condition field operator.
LESSER_THAN Less than condition field operator.
NOT_EQUAL Not equal condition field operator.
NOT_CONTAINS Not contains condition field operator.
IS_EMPTY Is empty condition field operator.
IS_NOT_EMPTY Is not empty condition field operator.

ConditionsLogicalOperator

Determines how multiple conditions are logically joined.

Enums
CONDITIONS_LOGICAL_OPERATOR_UNSPECIFIED Unspecified conditions logical operator.
AND AND conditions logical operator.
OR OR conditions logical operator.

Methods

fetchPredefined

 Fetch predefined widgets coming from integations.

get

 Get a View.

list

 List page of Views.

saveOverviewTemplate

 Save an overview template.