- Resource: Instance
- State
- WipeoutState
- ComplianceRequirements
- ComplianceCertification
- InstanceConfig
- FrontendPathConfig
- Methods
Resource: Instance
A Instance represents an instantiation of the Instance product.
| JSON representation |
|---|
{ "name": string, "state": enum ( |
| Fields | |
|---|---|
name |
Identifier. The resource name of this instance. Format: |
state |
Output only. The state of the instance. |
purgeTime |
Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
deleteTime |
Output only. The time at which the instance was soft-deleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
wipeoutStatus |
Output only. The wipeout status of the instance. |
displayName |
Output only. The display name of the instance. |
secopsUrls[] |
Output only. URL of the SecOps instance for the instance. https://{frontendPath}.backstory.chronicle.security |
customerCode |
Output only. An acronym related to the company name. |
createTime |
Output only. The time at which the instance was created. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
complianceRequirements |
Optional. Compliance requirements for the instance. |
instanceConfig |
Optional. Instance Configs represents the features that can be enabled/disabled by the customer |
frontendPathConfigs[] |
Output only. List of frontend path - workforce pool provider id configs of the instance. |
State
The state of the instance.
| Enums | |
|---|---|
STATE_UNSPECIFIED |
The default value. |
ACTIVE |
The instance is active. |
SOFT_DELETED |
The instance is soft-deleted. |
SOFT_DELETE_INITIATED |
The instance is in the process of being soft-deleted. |
UNDELETE_INITIATED |
The instance is in the process of being undeleted. |
WipeoutState
The wipeout status of the instance.
| Enums | |
|---|---|
WIPEOUT_STATE_UNSPECIFIED |
The default value. |
DELETE_REQUESTED |
The instance has requested deletion. |
SOFT_DELETE_IN_PROGRESS |
The instance is in the process of being soft-deleted. |
SOFT_DELETE_COMPLETED |
The instance has been soft-deleted. |
UNDELETE_REQUESTED |
The instance has requested undeletion. |
DATA_DELETION_IN_PROGRESS |
The instance is in the process of being data deleted. |
ERROR |
The instance has an error during wipeout. |
WIPED_OUT |
The instance has been wiped out. |
UNDELETE_COMPLETED |
The instance has been undeleted. |
ComplianceRequirements
Compliance requirements.
| JSON representation |
|---|
{
"complianceCertifications": [
enum ( |
| Fields | |
|---|---|
complianceCertifications[] |
Optional. A list of compliance certifications. |
ComplianceCertification
Compliance certifications.
| Enums | |
|---|---|
COMPLIANCE_CERTIFICATION_UNSPECIFIED |
LINT.IfChange(instance-compliance-certification) Unspecified compliance certification. |
FEDRAMP_MODERATE |
FedRAMP Moderate. |
HIPAA |
HIPAA. |
PCI_DSS |
PCI DSS. |
FEDRAMP_HIGH |
FedRAMP High. |
IL4 |
IL4. |
IL5 |
IL5. |
CHRONICLE_CMEK_V1 |
Chronicle CMEK V1. |
DRZ_ADVANCED |
DRZ_ADVANCED. |
InstanceConfig
Instance Configs represents the features that can be enabled/disabled/configured by the customer
| JSON representation |
|---|
{ "secopsUiEnabled": boolean, "dataRbacEnabled": boolean } |
| Fields | |
|---|---|
secopsUiEnabled |
Optional. The desired access state (true for enabled). |
dataRbacEnabled |
Optional. The desired access state for Data RBAC (true for enabled). |
FrontendPathConfig
Frontend paths - workforce pool provider id mapping of the instance.
| JSON representation |
|---|
{ "frontendPath": string, "workforcePoolProviderId": string } |
| Fields | |
|---|---|
frontendPath |
Output only. Frontend path that is part of the instance. |
workforcePoolProviderId |
Output only. Workforce pool provider id connected to the frontend path. Format: |
Methods |
|
|---|---|
|
Validates a batch of entities that could be added into watchlist under an instance. |
|
Returns findings refinement activity for all findings refinements. |
|
ContinuePocGraduation verifies and proceeds graduation. |
|
Count detections across all curated rule sets. |
|
RPC to submit user feedback on content generated by AI services. |
|
DeleteInstance deletes an Instance. |
|
ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it. |
|
FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances. |
|
Identifies the entity type and retrieves relevant data associated with a specified indicator. |
|
Get alerts for an entity |
|
Finds all the entities associated with provided entity. |
|
Finds ingested UDM field values that match a query. |
|
GenerateCollectionAgentAuth generates an auth json file for the collection agent. |
|
GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar. |
|
Generates a SOAR chat message based on the given intent. |
|
GenerateUDMKeyValueMappings generates key value mapping of a raw log. |
|
Generates a token that can be used to connect a workspace customer to a chronicle instance |
|
Gets a Instance. |
|
Get the BigQuery export configuration for a Chronicle instance. |
|
Get the EnrichmentCombination. |
|
Gets the super and subtenants and gets the current tenant name. |
|
Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score. |
|
Get the set of threat collection filter options. |
|
GraduatePocInstance graduates an instance. |
|
Legacy endpoint for listing case federation platforms. |
|
Legacy Get System Metadata. |
|
Lists all findings refinement deployments. |
|
Updates an Instance. |
|
Gets available product sources along with their stats. |
|
Identifies the entity type and retrieves relevant data associated with a specified indicator. |
|
Api to get events, entities, or unparsed raw logs matching the given raw log query. |
|
Submits a Response Feedback. |
|
Parses the query and identifies the entities contained within the search query. |
|
Returns all entity data over specified time. |
|
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. |
|
Translate natural language to a UDM Search query. |
|
Translate natural language to a Yara-L rule. |
|
Performs a UDM search that returns matching events for the query. |
|
UndeleteInstance undeletes a soft-deleted Instance. |
|
Update the BigQuery export configuration for a Chronicle instance. |
|
Updates RiskConfig used for the computation of Entity Risk Score. |
|
Validates UDM search query by compiling the query. |
|
Verifies the nonce used to graduate an instance. |
|
VerifyReferenceList validates list content and returns line errors, if any. |
|
Verifies the given rule text. |