- Resource: Instance
- WipeoutState
- ComplianceRequirements
- ComplianceCertification
- InstanceConfig
- Entitlement
- PackageTier
- DREAlignmentStateInfo
- DREAlignmentState
- Methods
Resource: Instance
An Instance represents an instantiation of the Instance product.
| JSON representation |
|---|
{ "name": string, "state": enum ( |
| Fields | |
|---|---|
| name | Identifier. The resource name of this instance. Format: |
| state | Output only. The state of the instance. |
| purgeTime | Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| deleteTime | Output only. The time at which the instance was soft-deleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| wipeoutStatus | Output only. The wipeout status of the instance. |
| displayName | Output only. The display name of the instance. |
| secopsUrls[] | Output only. URL of the SecOps instance for the instance. https://{frontendPath}.backstory.chronicle.security |
| customerCode | Output only. An acronym related to the company name. |
| createTime | Output only. The time at which the instance was created. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| complianceRequirements | Optional. Compliance requirements for the instance. |
| instanceConfig | Optional. Instance Configs represents the features that can be enabled/disabled by the customer. |
| frontendPathConfigs[] | Output only. List of frontend path - workforce pool provider id configs of the instance. |
| entitlement | Output only. Entitlement information for the Chronicle instance, including details about the customer's package tier, data retention period, billing, and service dates. |
WipeoutState
The wipeout status of the instance.
| Enums | |
|---|---|
| WIPEOUT_STATE_UNSPECIFIED | The default value. |
| DELETE_REQUESTED | The instance has requested deletion. |
| SOFT_DELETE_IN_PROGRESS | The instance is in the process of being soft-deleted. |
| SOFT_DELETE_COMPLETED | The instance has been soft-deleted. |
| UNDELETE_REQUESTED | The instance has requested undeletion. |
| DATA_DELETION_IN_PROGRESS | The instance is in the process of being data deleted. |
| ERROR | The instance has an error during wipeout. |
| WIPED_OUT | The instance has been wiped out. |
| UNDELETE_COMPLETED | The instance has been undeleted. |
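The following added example (not part of the original reference) shows how a monitoring job might triage an Instance record for deletion activity: it parses the RFC 3339 timestamps described above, including 9-digit fractional seconds and non-"Z" offsets, and reports how much time remains before purgeTime. The function names, the triage labels and groupings, and the sample record are assumptions, as is treating wipeoutStatus as a WipeoutState enum name.

```python
import re
from datetime import datetime, timedelta, timezone

# RFC 3339: optional 1-9 fractional digits, then "Z" or a numeric offset.
_RFC3339 = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})[Tt](\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?([Zz]|[+-]\d{2}:\d{2})")

def parse_rfc3339(ts):
    """Return an aware UTC datetime; nanoseconds are truncated to microseconds."""
    m = _RFC3339.fullmatch(ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    micros = int((m.group(7) or "").ljust(9, "0")[:6])
    off = m.group(8)
    if off in ("Z", "z"):
        tz = timezone.utc
    else:
        sign = 1 if off[0] == "+" else -1
        tz = timezone(sign * timedelta(hours=int(off[1:3]), minutes=int(off[4:6])))
    return datetime(y, mo, d, h, mi, s, micros, tz).astimezone(timezone.utc)

# Triage labels and groupings are this example's own policy, not part of the API.
PENDING = {"DELETE_REQUESTED", "SOFT_DELETE_IN_PROGRESS", "SOFT_DELETE_COMPLETED"}
DESTROYED = {"DATA_DELETION_IN_PROGRESS", "WIPED_OUT"}

def triage_wipeout(instance, now):
    """Return (label, time left before purgeTime or None) for an Instance dict."""
    state = instance.get("wipeoutStatus", "WIPEOUT_STATE_UNSPECIFIED")
    if state in DESTROYED:
        return "data-destroyed", None
    if state == "ERROR":
        return "investigate", None
    if state in PENDING:
        purge = instance.get("purgeTime")
        if purge is None:
            return "deletion-pending", None
        left = parse_rfc3339(purge) - now
        return ("deletion-pending", left) if left > timedelta(0) else ("purge-due", None)
    return "no-action", None

# Constructed sample record; values are invented for illustration.
SAMPLE = {
    "wipeoutStatus": "SOFT_DELETE_COMPLETED",
    "deleteTime": "2024-05-01T10:00:00.123456789Z",
    "purgeTime": "2024-05-31T12:00:00+02:00",
}
```

Pass `now` as an aware UTC datetime; a "deletion-pending" result with a short remaining window is the case worth alerting on, since after purgeTime the instance can no longer be undeleted.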
ComplianceRequirements
Compliance requirements.
| JSON representation |
|---|
{
"complianceCertifications": [
enum ( |
| Fields | |
|---|---|
| complianceCertifications[] | Optional. A list of compliance certifications. |
ComplianceCertification
Compliance certifications.
| Enums | |
|---|---|
| COMPLIANCE_CERTIFICATION_UNSPECIFIED | Unspecified compliance certification. |
| FEDRAMP_MODERATE | FedRAMP Moderate. |
| HIPAA | HIPAA. |
| PCI_DSS | PCI DSS. |
| FEDRAMP_HIGH | FedRAMP High. |
| IL4 | IL4. |
| IL5 | IL5. |
| CHRONICLE_CMEK_V1 | Chronicle CMEK V1. |
| DRZ_ADVANCED | DRZ_ADVANCED. |
| EU_DATA_BOUNDARY | EU Data Boundary. |
| REGIONAL_DATA_BOUNDARY | Regional Data Boundary. |
| AUSTRALIA_DATA_BOUNDARY_AND_SUPPORT | Australia Data Boundary and Support. |
| US_DATA_BOUNDARY_FOR_HEALTHCARE_AND_LIFE_SCIENCES | US Data Boundary for Healthcare and Life Sciences. |
| US_DATA_BOUNDARY_FOR_HEALTHCARE_AND_LIFE_SCIENCES_WITH_SUPPORT | US Data Boundary for Healthcare and Life Sciences with Support. |
| KSA_DATA_BOUNDARY_WITH_ACCESS_JUSTIFICATIONS | KSA Data Boundary with Access Justifications. |
InstanceConfig
Instance Configs represents the features that can be enabled/disabled/configured by the customer.
| JSON representation |
|---|
| { "secopsUiEnabled": boolean, "dataRbacEnabled": boolean, "triageAgentEnabled": boolean } |
| Fields | |
|---|---|
| secopsUiEnabled | Optional. The desired access state (true for enabled). |
| dataRbacEnabled | Optional. The desired access state for Data RBAC (true for enabled). |
| triageAgentEnabled | Optional. The desired access state for Triage Agent (true for enabled). |
Entitlement
Entitlement for the instance.
| JSON representation |
|---|
{ "packageTier": enum ( |
| Fields | |
|---|---|
| packageTier | Output only. The customer's package tier. |
| dataRetentionDuration | Output only. The customer's data retention duration. |
| billingAccountId | Output only. The customer's billing account id. |
| serviceStartTime | Output only. The service start time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| serviceEndTime | Output only. The service end time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| dataVolume | Output only. The data volume purchased in GB. |
| dreAlignmentStateInfo | Output only. DRE alignment state info. |
PackageTier
Package tier for the customer.
| Enums | |
|---|---|
| PACKAGE_TIER_UNSPECIFIED | Default tier which should never be used. |
| LEVEL_ONE | SIEM standalone. |
| LEVEL_TWO | Enterprise package. |
| LEVEL_THREE | Advanced package. |
| NEXUS | Dedicated tier for Nexus. |
| SCCE_LEVEL_ONE | SCCE Level One. |
| SCCE_LEVEL_TWO | SCCE Level Two. |
| SCCE_LEVEL_THREE | SCCE Level Three. |
| SOAR_STANDALONE_STANDARD | SOAR standalone standard. |
| SOAR_STANDALONE_PRO | SOAR standalone pro. |
| GUS | Google Unified Security. |
DREAlignmentStateInfo
DRE alignment state information.
| JSON representation |
|---|
{
"gracePeriodStartTime": string,
"gracePeriodEndTime": string,
"state": enum ( |
| Fields | |
|---|---|
| gracePeriodStartTime | Output only. Grace period start time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| gracePeriodEndTime | Output only. Grace period end time. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| state | Output only. DRE alignment state. |
DREAlignmentState
DRE alignment state.
| Enums | |
|---|---|
| DRE_ALIGNMENT_STATE_UNSPECIFIED | Default value, should not be used. |
| MISMATCH_FOUND | Discrepancy detected between contractual and effective DRE. |
| GRACE_PERIOD_EXTENDED | Grace period for a mismatch has been extended. |
| ALIGNMENT_COMPLETED | Alignment process is complete, effective DRE matches contractual DRE. |
| EXEMPTED | Customer is exempted from DRE alignment. |
| ALIGNMENT_ERROR | An error occurred during the alignment process. |
| Methods | |
|---|---|
| | Validates a batch of entities that could be added into watchlist under an instance. |
| | Returns findings refinement activity for all findings refinements. |
| | ContinuePocGraduation verifies and proceeds graduation. |
| | Count detections across all curated rule sets. |
| | RPC to submit user feedback on content generated by AI services. |
| | DeleteInstance deletes an Instance. |
| | Evaluates whether existing Managed Content rules provide coverage for the input udm. |
| | ExtractSyslog extracts structured part of log from an unstructured log by running a grok regex over it. |
| | FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances. |
| | Identifies the entity type and retrieves relevant data associated with a specified indicator. |
| | Get alerts for an entity. |
| | Finds all the entities associated with provided entity. |
| | Finds ingested UDM field values that match a query. |
| | GenerateCollectionAgentAuth generates an auth json file for the collection agent. |
| | Generates a proposed rule given an input Threat Detection Opportunity (TDO). |
| | GenerateSoarAuthJwt signs a JWT in order to proceed with JWT-exchange-based authentication with SOAR. |
| | Generates an AI-driven chat response based on a specific security intent. |
| | Generates synthetic events (both raw logs and UDM) for an input Threat Detection Opportunity (TDO). |
| | GenerateThreatDetectionOpportunity generates a Threat Detection Opportunity (TDO). |
| | GenerateUDMKeyValueMappings generates key value mapping of a raw log. |
| | Generates a token that can be used to connect a workspace customer to a chronicle instance. |
| | Gets an Instance. |
| | GetAgentSettings gets the agent settings for an instance. |
| | Get the BigQuery export configuration for a Chronicle instance. |
| | Get the EnrichmentCombination. |
| | Gets the ManagedDomainSettings singleton for a customer. |
| | Gets the super and subtenants and gets the current tenant name. |
| | Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score. |
| | Get the set of threat collection filter options. |
| | GraduatePocInstance graduates an instance. |
| | Lists all LegacyCaseFederationPlatforms configured in the primary instance. |
| | Returns essential system metadata for the requesting user. |
| | Lists all findings refinement deployments. |
| | Updates an Instance. |
| | Gets available product sources along with their stats. |
| | Runs a Threat Hunt. |
| | Initiates a long-running search operation. |
| | Identifies the entity type and retrieves relevant data associated with a specified indicator. |
| | API to get events, entities, or unparsed raw logs matching the given raw log query. |
| | Submits user feedback for a specific platform interaction or feature. |
| | SuggestSql suggests auto completion text for a GoogleSQL query. |
| | Parses the query and identifies the entities contained within the search query. |
| | Returns all entity data over specified time. |
| | Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. |
| | Translate natural language to a UDM Search query. |
| | Translate natural language to a Yara-L rule. |
| | Performs a UDM search that returns matching events for the query. |
| | UndeleteInstance undeletes a soft-deleted Instance. |
| | UpdateAgentSettings updates the agent settings for an instance. |
| | Update the BigQuery export configuration for a Chronicle instance. |
| | Updates RiskConfig used for the computation of Entity Risk Score. |
| | Validates UDM search query by compiling the query. |
| | Verifies the nonce used to graduate an instance. |
| | VerifyReferenceList validates list content and returns line errors, if any. |
| | Verifies the given rule text. |