Method: instances.generateRules

Full name: projects.locations.instances.generateRules

Generates a proposed rule given an input Threat Detection Opportunity (TDO).

HTTP request

POST https://{endpoint}/v1alpha/{instance}:generateRules

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
instance

string

Required. The Chronicle instance associated with the request. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{

  // Union field rule_gen_source can be only one of the following:
  "threatDetectionOpportunity": {
    object (ThreatDetectionOpportunity)
  }
  // End of list of possible types for union field rule_gen_source.
}
Fields
Union field rule_gen_source. The originating artifacts that should be used to generate a rule. rule_gen_source can be only one of the following:
threatDetectionOpportunity

object (ThreatDetectionOpportunity)

The input ThreatDetectionOpportunity to generate a rule from. In the case of the Detection Engineering Agent, this is created by calling the GenerateDetectionOpportunity tool.

Response body

Response message for instances.generateRules.

If successful, the response body contains data with the following structure:

JSON representation
{
  "instance": string,
  "generatedRules": [
    {
      object (GeneratedRule)
    }
  ]
}
Fields
instance

string

The Chronicle instance associated with the Threat Detection Opportunity. Format: projects/{project}/locations/{location}/instances/{instance}

generatedRules[]

object (GeneratedRule)

The generated Rules.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

GeneratedRule

A generated Rule.

JSON representation
{
  "ruleText": string,
  "feedbackId": string
}
Fields
ruleText

string

The core YARA-L text for the generated Rule.

feedbackId

string

The ID of the feedback report.
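
The following Python sketch shows one way a client could assemble the request described above and read `ruleText` and `feedbackId` out of the response. It is an added example, not code from the API's documentation or client libraries. The endpoint host, the contents of the ThreatDetectionOpportunity object, the sample response, and the character set accepted for path segments are assumptions made for illustration.

```python
import json
import re

# Resource-name format from the page. The allowed characters per segment are
# an assumption, chosen so a caller-supplied value cannot add path or query parts.
INSTANCE_RE = re.compile(
    r"projects/[\w.-]+/locations/[\w.-]+/instances/[\w.-]+", re.ASCII)

def build_request(endpoint, instance, tdo):
    """Return (method, url, body_bytes) for instances.generateRules."""
    if not INSTANCE_RE.fullmatch(instance):
        raise ValueError("instance must be "
                         "projects/{project}/locations/{location}/instances/{instance}")
    if not isinstance(tdo, dict) or not tdo:
        raise ValueError("threatDetectionOpportunity must be a non-empty object")
    url = f"https://{endpoint}/v1alpha/{instance}:generateRules"
    # rule_gen_source is a union field: send exactly one member.
    body = json.dumps({"threatDetectionOpportunity": tdo}).encode("utf-8")
    return "POST", url, body

def parse_response(raw, expected_instance):
    """Return [(feedbackId, ruleText), ...] from a generateRules response body."""
    doc = json.loads(raw)
    # Reject a response that names a different instance than the one requested.
    if doc.get("instance") != expected_instance:
        raise ValueError("response instance does not match the request")
    rules = []
    for item in doc.get("generatedRules", []):
        text = item.get("ruleText")
        if isinstance(text, str) and text.strip():
            rules.append((item.get("feedbackId", ""), text))
    return rules

if __name__ == "__main__":
    instance = "projects/example-project/locations/us/instances/example-instance"
    # Constructed placeholder: the real ThreatDetectionOpportunity fields are
    # not listed on this page.
    tdo = {"placeholderField": "placeholder value"}
    method, url, body = build_request("chronicle.example.invalid", instance, tdo)
    print(method, url)
    # Constructed sample response in the documented shape.
    sample = json.dumps({
        "instance": instance,
        "generatedRules": [
            {"ruleText": "rule placeholder_rule { /* YARA-L body */ }",
             "feedbackId": "feedback-placeholder-1"}]})
    for feedback_id, rule_text in parse_response(sample, instance):
        print(feedback_id, "->", rule_text)
```

The request still needs an access token carrying one of the OAuth scopes listed under Authorization scopes. Generated `ruleText` is proposed YARA-L and should go through the same review as a hand-written rule before it is deployed.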