Method: instances.getEnrichmentCombination

Full name: projects.locations.instances.getEnrichmentCombination

Get the EnrichmentCombination.

HTTP request

GET https://{endpoint}/v1alpha/{name}

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
name

string

Required. The name of the enrichment combination to retrieve. Format: projects/{project}/locations/{location}/instances/{instance}/enrichmentCombination

Request body

The request body must be empty.

Response body

EnrichmentCombination resource represents the combination of enrichment. It is a singleton resource that contains all the enrichment combination records.

If successful, the response body contains data with the following structure:

JSON representation 
{
  "name": string,
  "enrichmentCombinationRecords": [
    {
      object (EnrichmentCombinationRecord)
    }
  ]
}
Fields
name

string

Identifier. The resource name of the enrichment combination. Format: projects/{project}/locations/{location}/instances/{instance}/enrichmentCombination
enrichmentCombinationRecords[]

object (EnrichmentCombinationRecord)

Output only. All the enrichment combination records.

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

  • chronicle.enrichmentCombination.get

For more information, see the IAM documentation.

EnrichmentCombinationRecord

EnrichmentCombinationRecord represents a record of enrichment combination.

JSON representation 
{
  "enrichmentType": enum (EnrichmentType),
  "enrichmentTargetLogType": string,
  "enrichmentSource": {
    object (EnrichmentSource)
  }
}
Fields
enrichmentType

enum (EnrichmentType)

Required. The type of enrichment.
enrichmentTargetLogType

string

Required. The log type of an event that is enriched. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
enrichmentSource

object (EnrichmentSource)

The enrichment source that an enrichment is from. For source that comes from external and does not have a log type, for example, GEO_IP_SERVICE, the ExternalEnrichmentSource field should be set.

EnrichmentType

The type of enrichment. It can be expanded to include more types in the future.

Enums
ENRICHMENT_TYPE_UNSPECIFIED Unspecified.
ALL_ENRICHMENT_TYPES ALL enrichment types.
ASSET_ENRICHMENT Asset enrichment.
USER_ENRICHMENT User enrichment.
PROCESS_ENRICHMENT Process enrichment.
GOOGLE_THREAT_INTEL_ENRICHMENT Google Threat Intel enrichment.
GEO_IP_ENRICHMENT GeoIP enrichment.

EnrichmentSource

The enrichment source that an enrichment is from. For source that comes from external and does not have a log type, for example, GEO_IP_SERVICE, the ExternalEnrichmentSource field should be set.

JSON representation 
{

  // Union field source can be only one of the following:
  "logType": string,
  "externalEnrichmentSource": enum (ExternalEnrichmentSource)
  // End of list of possible types for union field source.
}
Fields
Union field source. The source of an enrichment can be either a log type or an external enrichment source that does not have a log type. source can be only one of the following:
logType

string

Required. Raw LogType of an enrichment source. Format: projects/{project}/locations/{location}/instances/{instance}/logTypes/{logType}
externalEnrichmentSource

enum (ExternalEnrichmentSource)

Required. Represents an enrichment source from external that does not have a log type. For example, GEO_IP_SERVICE for enrichment from the GeoIP service.

ExternalEnrichmentSource

The external enrichment sources that do not have a log type associated with it.

Enums
EXTERNAL_ENRICHMENT_SOURCE_UNSPECIFIED Unspecified.
GEO_IP_SERVICE GeoIP service.