Method: cases.resolveOverviewWidget

HTTP request
Path parameters
Query parameters
Request body
Response body
- JSON representation
Authorization scopes
IAM Permissions
AlertOverviewWidget
- JSON representation
AlertCard
- JSON representation
AlertCardSla
- JSON representation
AlertCardFieldGroupData
- JSON representation
AlertCardFieldData
- JSON representation
WidgetTemplateType
WidgetTemplateGridColumns
WidgetResultStatus
CaseApsGrapthWidget
- JSON representation
CaseAssistantWidget
- JSON representation
AiCaseAssistantStatus
CaseAssistantSummaryData
- JSON representation
CaseAssistantType
CaseAssistantReasonsData
- JSON representation
CaseAssistantNextStepsData
- JSON representation
CaseDescriptionWidget
- JSON representation
CaseImpactedResourcesWidget
- JSON representation
CaseRecommendationsWidget
- JSON representation
SimilarCase
- JSON representation
SimilarCaseOutcomeStatus
AnalystUserDetails
- JSON representation
CaseRelatedFindingsWidget
- JSON representation
EntitiesHighlightWidget
- JSON representation
EntityData
- JSON representation
WidgetFieldGroupData
- JSON representation
WidgetFieldData
- JSON representation
EventsWidget
- JSON representation
EventWidgetRow
- JSON representation
EventWidgetCell
- JSON representation
SecurityEntity
- JSON representation
WidgetContextGroup
- JSON representation
ContextStringItem
- JSON representation
FormWidget
- JSON representation
CustomFieldForm
- JSON representation
GraphWidget
- JSON representation
Investigator
- JSON representation
GraphNodeGroup
- JSON representation
GraphNode
- JSON representation
GraphRelationGroup
- JSON representation
GraphRelation
- JSON representation
GraphRelationPropertyValue
- JSON representation
ApiSecurityAlertDetails
- JSON representation
ApiSecurityEventDetails
- JSON representation
ApiSecurityEntityCard
- JSON representation
SecurityEntityDirection
HtmlWidget
- JSON representation
InsightsWidget
- JSON representation
CaseInsight
- JSON representation
JsonResultsWidget
- JSON representation
KeyValueWidget
- JSON representation
KeyValueStatistics
- JSON representation
WorkflowPendingStepsWidget
- JSON representation
WorkflowPendingStep
- JSON representation
PendingStepStatus
PendingStepSecurityEntity
- JSON representation
PendingStepSecurityEntityPropertyValue
- JSON representation
PendingStepActionDefinition
- JSON representation
PendingStepActionDefinitionParameter
- JSON representation
PendingStepActionDefinitionParameterType
ActionIntegrationInstance
- JSON representation
WorkflowPendingStepInstance
- JSON representation
WorkflowStepType
WorkflowStepParameter
- JSON representation
WorkflowStepParameterType
PotentiallyGroupedAlertsWidget
- JSON representation
PotentiallyGroupedAlert
- JSON representation
QuickActionsWidget
- JSON representation
QuickAction
- JSON representation
SiemAlertsWidget
- JSON representation
StatisticsWidget
- JSON representation
FieldDistribution
- JSON representation
FieldValueData
- JSON representation
TextWidget
- JSON representation
TimelineWidget
- JSON representation
WallActivitiesWidget
- JSON representation
CaseWallActivity
- JSON representation
CaseWallActivityType
RuleOverviewWidget
- JSON representation
Try it!

Full name: projects.locations.instances.cases.resolveOverviewWidget

Resolve case overview widget.

HTTP request

Choose a location:

GET https://chronicle.africa-south1.rep.googleapis.com/v1beta/{name}:resolveOverviewWidget

Path parameters

Parameters

Parameters
`name`	`string` Required. The case to resolve overview widget for. Format: projects/{project}/locations/{location}/instances/{instance}/cases/{case}:resolveOverviewWidget

name

string

Required. The case to resolve overview widget for. Format: projects/{project}/locations/{location}/instances/{instance}/cases/{case}:resolveOverviewWidget

Query parameters

Parameters
`widgetIdentifier`	`string` Required. Widget identifier to resolve.
`caseId`	`integer` Required. Case id to resolve overview widget for.
`forceRefresh`	`boolean` Optional. Force refresh the widget.
`firstRequest`	`boolean` Optional. Is first request to resolve overview widget.

Request body

The request body must be empty.

Response body

Response message for cases.resolveOverviewWidget.

If successful, the response body contains data with the following structure:

JSON representation

JSON representation
{ // Union field `overview_widget` can be only one of the following: "alertOverviewWidget": { object (`AlertOverviewWidget`) }, "caseApsGraphWidget": { object (`CaseApsGrapthWidget`) }, "caseAssistantWidget": { object (`CaseAssistantWidget`) }, "caseDescriptionWidget": { object (`CaseDescriptionWidget`) }, "caseImpactedResourcesWidget": { object (`CaseImpactedResourcesWidget`) }, "caseRecommendationsWidget": { object (`CaseRecommendationsWidget`) }, "caseRelatedFindingsWidget": { object (`CaseRelatedFindingsWidget`) }, "entitiesHighlightWidget": { object (`EntitiesHighlightWidget`) }, "eventsWidget": { object (`EventsWidget`) }, "formWidget": { object (`FormWidget`) }, "graphWidget": { object (`GraphWidget`) }, "htmlWidget": { object (`HtmlWidget`) }, "insightsWidget": { object (`InsightsWidget`) }, "jsonResultsWidget": { object (`JsonResultsWidget`) }, "keyValueWidget": { object (`KeyValueWidget`) }, "pendingStepsWidget": { object (`WorkflowPendingStepsWidget`) }, "potentiallyGroupedAlertsWidget": { object (`PotentiallyGroupedAlertsWidget`) }, "quickActionsWidget": { object (`QuickActionsWidget`) }, "siemAlertsWidget": { object (`SiemAlertsWidget`) }, "statisticsWidget": { object (`StatisticsWidget`) }, "textWidget": { object (`TextWidget`) }, "timelineWidget": { object (`TimelineWidget`) }, "wallActivitiesWidget": { object (`WallActivitiesWidget`) }, "ruleOverviewWidget": { object (`RuleOverviewWidget`) } // End of list of possible types for union field `overview_widget`. }

{

  // Union field overview_widget can be only one of the following:
  "alertOverviewWidget": {
    object (AlertOverviewWidget)
  },
  "caseApsGraphWidget": {
    object (CaseApsGrapthWidget)
  },
  "caseAssistantWidget": {
    object (CaseAssistantWidget)
  },
  "caseDescriptionWidget": {
    object (CaseDescriptionWidget)
  },
  "caseImpactedResourcesWidget": {
    object (CaseImpactedResourcesWidget)
  },
  "caseRecommendationsWidget": {
    object (CaseRecommendationsWidget)
  },
  "caseRelatedFindingsWidget": {
    object (CaseRelatedFindingsWidget)
  },
  "entitiesHighlightWidget": {
    object (EntitiesHighlightWidget)
  },
  "eventsWidget": {
    object (EventsWidget)
  },
  "formWidget": {
    object (FormWidget)
  },
  "graphWidget": {
    object (GraphWidget)
  },
  "htmlWidget": {
    object (HtmlWidget)
  },
  "insightsWidget": {
    object (InsightsWidget)
  },
  "jsonResultsWidget": {
    object (JsonResultsWidget)
  },
  "keyValueWidget": {
    object (KeyValueWidget)
  },
  "pendingStepsWidget": {
    object (WorkflowPendingStepsWidget)
  },
  "potentiallyGroupedAlertsWidget": {
    object (PotentiallyGroupedAlertsWidget)
  },
  "quickActionsWidget": {
    object (QuickActionsWidget)
  },
  "siemAlertsWidget": {
    object (SiemAlertsWidget)
  },
  "statisticsWidget": {
    object (StatisticsWidget)
  },
  "textWidget": {
    object (TextWidget)
  },
  "timelineWidget": {
    object (TimelineWidget)
  },
  "wallActivitiesWidget": {
    object (WallActivitiesWidget)
  },
  "ruleOverviewWidget": {
    object (RuleOverviewWidget)
  }
  // End of list of possible types for union field overview_widget.
}

Fields
Union field `overview_widget`. The overview widget to resolve. `overview_widget` can be only one of the following:
`alertOverviewWidget`	`object (AlertOverviewWidget)` Output only. The alert overview widget to resolve.
`caseApsGraphWidget`	`object (CaseApsGrapthWidget)` Output only. The case aps graph widget to resolve.
`caseAssistantWidget`	`object (CaseAssistantWidget)` Output only. The AI case assistant widget to resolve.
`caseDescriptionWidget`	`object (CaseDescriptionWidget)` Output only. The case description widget to resolve.
`caseImpactedResourcesWidget`	`object (CaseImpactedResourcesWidget)` Output only. The case impacted resources widget to resolve.
`caseRecommendationsWidget`	`object (CaseRecommendationsWidget)` Output only. The case recommendations widget to resolve.
`caseRelatedFindingsWidget`	`object (CaseRelatedFindingsWidget)` Output only. The case related findings widget to resolve.
`entitiesHighlightWidget`	`object (EntitiesHighlightWidget)` Output only. The entities highlight widget to resolve.
`eventsWidget`	`object (EventsWidget)` Output only. The events widget to resolve.
`formWidget`	`object (FormWidget)` Output only. The form widget to resolve.
`graphWidget`	`object (GraphWidget)` Output only. The graph widget to resolve.
`htmlWidget`	`object (HtmlWidget)` Output only. The html widget to resolve.
`insightsWidget`	`object (InsightsWidget)` Output only. The insights widget to resolve.
`jsonResultsWidget`	`object (JsonResultsWidget)` Output only. The json result widget to resolve.
`keyValueWidget`	`object (KeyValueWidget)` Output only. The key value widget to resolve.
`pendingStepsWidget`	`object (WorkflowPendingStepsWidget)` Output only. The workflow pending steps widget to resolve.
`potentiallyGroupedAlertsWidget`	`object (PotentiallyGroupedAlertsWidget)` Output only. The potentially grouped alerts widget to resolve.
`quickActionsWidget`	`object (QuickActionsWidget)` Output only. The quick actions widget to resolve.
`siemAlertsWidget`	`object (SiemAlertsWidget)` Output only. The siem alerts widget to resolve.
`statisticsWidget`	`object (StatisticsWidget)` Output only. The statistics widget to resolve.
`textWidget`	`object (TextWidget)` Output only. The text widget to resolve.
`timelineWidget`	`object (TimelineWidget)` Output only. The timeline widget to resolve.
`wallActivitiesWidget`	`object (WallActivitiesWidget)` Output only. The case wall activities widget to resolve.
`ruleOverviewWidget`	`object (RuleOverviewWidget)` Output only. The rule overview widget to resolve.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the name resource:

chronicle.cases.get

For more information, see the IAM documentation.

AlertOverviewWidget

Alert overview widget.

JSON representation

JSON representation
{ "alerts": [ { object (`AlertCard`) } ], "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "alerts": [
    {
      object (AlertCard)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`alerts[]`	`object (AlertCard)` Output only. The alerts to display in the widget.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

AlertCard

Alert card.

JSON representation

JSON representation
{ "id": string, "creationTimeUnixTimeInMs": string, "modificationTimeUnixTimeInMs": string, "identifier": string, "status": enum (`AlertStatus`), "name": string, "priority": enum (`LegacyCasePriority`), "workflowsStatus": enum (`WorkflowStatus`), "startTime": string, "endTime": string, "alertGroupIdentifier": string, "eventsCount": integer, "title": string, "ruleGenerator": string, "deviceProduct": string, "deviceVendor": string, "playbookAttached": string, "playbookRunCount": integer, "isManualAlert": boolean, "sla": { object (`AlertCardSla`) }, "fieldsGroups": [ { object (`AlertCardFieldGroupData`) } ], "sourceUrl": string, "sourceRuleUrl": string, "relatedCases": [ integer ], "caseId": integer, "nestingDepth": integer, "slaExpirationUnixTime": string, "slaCriticalExpirationUnixTime": string, "siemAlertId": string, "lastSourceUpdateUnixTimeInMs": integer }

{
  "id": string,
  "creationTimeUnixTimeInMs": string,
  "modificationTimeUnixTimeInMs": string,
  "identifier": string,
  "status": enum (AlertStatus),
  "name": string,
  "priority": enum (LegacyCasePriority),
  "workflowsStatus": enum (WorkflowStatus),
  "startTime": string,
  "endTime": string,
  "alertGroupIdentifier": string,
  "eventsCount": integer,
  "title": string,
  "ruleGenerator": string,
  "deviceProduct": string,
  "deviceVendor": string,
  "playbookAttached": string,
  "playbookRunCount": integer,
  "isManualAlert": boolean,
  "sla": {
    object (AlertCardSla)
  },
  "fieldsGroups": [
    {
      object (AlertCardFieldGroupData)
    }
  ],
  "sourceUrl": string,
  "sourceRuleUrl": string,
  "relatedCases": [
    integer
  ],
  "caseId": integer,
  "nestingDepth": integer,
  "slaExpirationUnixTime": string,
  "slaCriticalExpirationUnixTime": string,
  "siemAlertId": string,
  "lastSourceUpdateUnixTimeInMs": integer
}

Fields
`id`	`string (int64 format)` Output only. The alert name.
`creationTimeUnixTimeInMs`	`string (int64 format)` Output only. The alert creation time in milliseconds.
`modificationTimeUnixTimeInMs`	`string (int64 format)` Output only. The alert modification time in milliseconds.
`identifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`status`	`enum (AlertStatus)` Output only. The alert status.
`name`	`string` Output only. The alert name.
`priority`	`enum (LegacyCasePriority)` Output only. The alert priority.
`workflowsStatus`	`enum (WorkflowStatus)` Output only. Status of the selected playbook.
`startTime`	`string (int64 format)` Output only. The alert start time in milliseconds. Start time of the first event.
`endTime`	`string (int64 format)` Output only. The alert end time in milliseconds. End time of the last event.
`alertGroupIdentifier`	`string` Output only. The alert group identifier. This value is unique across the system.
`eventsCount`	`integer` Output only. The number of events in the alert.
`title`	`string` Output only. Alert display name.
`ruleGenerator`	`string` Output only. Rule that generated the alert. Based on the source connector.
`deviceProduct`	`string` Output only. Source product that the alert ingested from.
`deviceVendor`	`string` Output only. Source vendor that the alert ingested from.
`playbookAttached`	`string` Output only. The playbook attached to the alert. The playbook selected is the one with the highest priority. For playbooks with similar priorities, the playbook that was created first is selected.
`playbookRunCount`	`integer` Output only. The playbook's execution count for the alert.
`isManualAlert`	`boolean` Output only. Flag that indicates whether the alert is manual or not.
`sla`	`object (AlertCardSla)` Output only. The alert SLA.
`fieldsGroups[]`	`object (AlertCardFieldGroupData)` Output only. The alert fields.
`sourceUrl`	`string` Output only. The alert source URL.
`sourceRuleUrl`	`string` Output only. The alert source rule URL.
`relatedCases[]`	`integer` Output only. The list of cases related to the alert.
`caseId`	`integer` Output only. The alert's case id.
`nestingDepth`	`integer` Output only. The alert's nesting depth. In case the alert is not nested, this field will be 0. Otherwise, the depth is specified as a positive number.
`slaExpirationUnixTime`	`string (int64 format)` Output only. The alert SLA expiration time in milliseconds.
`slaCriticalExpirationUnixTime`	`string (int64 format)` Output only. The alert SLA critical expiration time in milliseconds.
`siemAlertId`	`string` Output only. The alert's SIEM identifier. In case the alert is not ingested from SIEM, this field will be null.
`lastSourceUpdateUnixTimeInMs`	`integer` Output only. The last time the alert source was updated in milliseconds.

AlertCardSla

The alert SLA.

JSON representation
{ "slaExpirationTime": string, "criticalExpirationTime": string, "expirationStatus": enum (`SlaExpirationStatus`), "remainingTimeSinceLastPause": string }

Fields
`slaExpirationTime`	`string (int64 format)` Output only. The alert SLA expiration time in milliseconds.
`criticalExpirationTime`	`string (int64 format)` Output only. The alert SLA expiration time in milliseconds.
`expirationStatus`	`enum (SlaExpirationStatus)` Output only. The alert SLA expiration status.
`remainingTimeSinceLastPause`	`string (int64 format)` Output only. The remaining time since the last pause in milliseconds.

AlertCardFieldGroupData

Field group data.

JSON representation
{ "order": integer, "groupName": string, "items": [ { object (`AlertCardFieldData`) } ], "isIntegration": boolean, "isHighlight": boolean }

Fields
`order`	`integer` Output only. Field group order.
`groupName`	`string` Output only. Field group name.
`items[]`	`object (AlertCardFieldData)` Output only. The list of fields in the field group.
`isIntegration`	`boolean` Output only. Flag that indicates whether the field group is related to a specific integration or not.
`isHighlight`	`boolean` Output only. Flag that indicates whether the field group is highlighted.

AlertCardFieldData

Field data.

JSON representation
{ "originalName": string, "name": string, "value": string }

Fields

Fields
`originalName`	`string` Output only. Field name.
`name`	`string` Output only. Field display name.
`value`	`string` Output only. Field value.

originalName

string

Output only. Field name.

name

string

Output only. Field display name.

value

string

Output only. Field value.

WidgetTemplateType

Widget template type.

Enums
`WIDGET_TEMPLATE_TYPE_ENUM_UNSPECIFIED`	Unspecified widget type.
`KEY_VALUE`	Key value widget type.
`EVENTS`	Events widget type.
`JSON_RESULTS`	JSON results widget type.
`HTML`	HTML widget type.
`WALL_ACTIVITIES`	Wall activities widget type.
`ALERTS`	Alerts widget type.
`TIMELINE`	Timeline widget type.
`GRAPH`	Graph widget type.
`TEXT`	Text widget type.
`POTENTIALLY_GROUPED_ALERTS`	Potentially grouped alerts widget type.
`ENTITIES_HIGHLIGHT`	Entities highlight widget type.
`PENDING_STEPS`	Pending steps widget type.
`CASE_RECOMMENDATIONS`	Case recommendations widget type.
`STATISTICS`	Statistics widget type.
`CASE_DESCRIPTION`	Case description widget type.
`INSIGHT`	Insight widget type.
`CASE_ASSISTANT`	Case assistant widget type.
`CASE_APS_GRAPH`	Case APS graph widget type.
`CASE_RELATED_FINDINGS`	Case related findings widget type.
`CASE_IMPACTED_RESOURCES`	Case impacted resources widget type.
`FORM`	Form widget type.
`QUICK_ACTIONS`	Quick actions widget type.s
`SIEM_ALERTS`	Siem alerts widget type.
`RULE_OVERVIEW`	Rule overview widget type.

WidgetTemplateGridColumns

Widget template grid columns.

Enums
`CASE_WIDGET_TEMPLATE_GRID_COLUMNS_UNSPECIFIED`	Unspecified widget template grid columns.
`HALF_WIDTH`	Half width
`FULL_WIDTH`	Full width
`ONE_THIRD_WIDTH`	One third width
`TWO_THIRD_WIDTH`	Two third width

WidgetResultStatus

Widget result status.

Enums
`WIDGET_RESULT_STATUS_UNSPECIFIED`	Unspecified widget result status.
`SUCCESS`	Widget result is success.
`ERROR`	Widget result is error.

CaseApsGrapthWidget

Case aps graph widget.

JSON representation

JSON representation
{ "ticketId": string, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "ticketId": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`ticketId`	`string` Output only. The ticket id of the case
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CaseAssistantWidget

Case assistant widget.

JSON representation

JSON representation
{ "state": enum (`AiCaseAssistantStatus`), "summaryPrediction": { object (`CaseAssistantSummaryData`) }, "reasonsPrediction": { object (`CaseAssistantReasonsData`) }, "nextStepsPrediction": { object (`CaseAssistantNextStepsData`) }, "alertsCount": integer, "eventsCount": integer, "entitiesCount": integer, "environment": string, "modificationTimeUnixTimeInMs": string, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`), "investigationNotebookId": string }

{
  "state": enum (AiCaseAssistantStatus),
  "summaryPrediction": {
    object (CaseAssistantSummaryData)
  },
  "reasonsPrediction": {
    object (CaseAssistantReasonsData)
  },
  "nextStepsPrediction": {
    object (CaseAssistantNextStepsData)
  },
  "alertsCount": integer,
  "eventsCount": integer,
  "entitiesCount": integer,
  "environment": string,
  "modificationTimeUnixTimeInMs": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus),
  "investigationNotebookId": string
}

Fields
`state`	`enum (AiCaseAssistantStatus)` Output only. The widget state.
`summaryPrediction`	`object (CaseAssistantSummaryData)` Output only. The summary prediction.
`reasonsPrediction`	`object (CaseAssistantReasonsData)` Output only. The case assistant reasons data.
`nextStepsPrediction`	`object (CaseAssistantNextStepsData)` Output only. The case assistant next steps prediction data.
`alertsCount`	`integer` Output only. The number of alerts in the case.
`eventsCount`	`integer` Output only. The number of events in the case.
`entitiesCount`	`integer` Output only. The number of entities in the case.
`environment`	`string` Output only. The environment of the case.
`modificationTimeUnixTimeInMs`	`string (int64 format)` Output only. The case modification time in milliseconds.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.
`investigationNotebookId`	`string` Output only. The investigation notebook id.

AiCaseAssistantStatus

AI Case assistant widget status.

Enums
`AI_CASE_ASSISTANT_STATUS_UNSPECIFIED`	Unspecified AI case assistant widget status.
`PENDING_START`	AI case assistant widget is pending start.
`IN_PROGRESS`	AI case assistant widget is in progress.
`SUCCESSFUL`	AI case assistant widget is successful.
`AI_CASE_ASSISTANT_ERROR`	AI case assistant widget is error.

CaseAssistantSummaryData

Case assistant summary data.

JSON representation
{ "caseSummary": string, "caseSummaryId": integer, "caseAssistantType": enum (`CaseAssistantType`) }

Fields

Fields
`caseSummary`	`string` Output only. The case summary.
`caseSummaryId`	`integer` Output only. The case summary id.
`caseAssistantType`	`enum (CaseAssistantType)` Output only. The case assistant type.

caseSummary

string

Output only. The case summary.

caseSummaryId

integer

Output only. The case summary id.

caseAssistantType

enum (CaseAssistantType)

Output only. The case assistant type.

CaseAssistantType

Case assistant type.

Enums
`CASE_ASSISTANT_TYPE_UNSPECIFIED`	Unspecified case assistant type.
`THREAT_SUMMARY`	Case assistant type is summary.
`RECOMMENDATION_REASONS`	Case assistant type is recommendation.
`RECOMMENDATION_NEXT_STEPS`	Case assistant type is recommendation next steps.

CaseAssistantReasonsData

Case assistant reasons data.

JSON representation
{ "reasons": [ string ], "score": number, "caseSummaryId": integer, "caseAssistantType": enum (`CaseAssistantType`) }

Fields
`reasons[]`	`string` Output only. The case assistant reasons.
`score`	`number` Output only. The case assistant score.
`caseSummaryId`	`integer` Output only. The case summary id.
`caseAssistantType`	`enum (CaseAssistantType)` Output only. The case assistant type.

CaseAssistantNextStepsData

Case assistant next steps data.

JSON representation
{ "nextSteps": [ string ], "caseSummaryId": integer, "caseAssistantType": enum (`CaseAssistantType`) }

Fields

Fields
`nextSteps[]`	`string` Output only. The case assistant next steps.
`caseSummaryId`	`integer` Output only. The case summary id.
`caseAssistantType`	`enum (CaseAssistantType)` Output only. The case assistant type.

nextSteps[]

string

Output only. The case assistant next steps.

caseSummaryId

integer

Output only. The case summary id.

caseAssistantType

enum (CaseAssistantType)

Output only. The case assistant type.

CaseDescriptionWidget

Case description widget.

JSON representation

JSON representation
{ "text": string, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "text": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`text`	`string` Output only. The widget text.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CaseImpactedResourcesWidget

Case impacted resources widget.

JSON representation

JSON representation
{ "ticketId": string, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "ticketId": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`ticketId`	`string` Output only. The widget ticket identifier.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CaseRecommendationsWidget

Case recommendations widget.

JSON representation

JSON representation
{ "similarCases": [ { object (`SimilarCase`) } ], "relevantAnalysts": [ { object (`AnalystUserDetails`) } ], "relevantTags": [ string ], "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "similarCases": [
    {
      object (SimilarCase)
    }
  ],
  "relevantAnalysts": [
    {
      object (AnalystUserDetails)
    }
  ],
  "relevantTags": [
    string
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`similarCases[]`	`object (SimilarCase)` Output only. The similar cases.
`relevantAnalysts[]`	`object (AnalystUserDetails)` Output only. The relevant analysts.
`relevantTags[]`	`string` Output only. The relevant tags.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

SimilarCase

The similar case.

JSON representation

JSON representation
{ "id": integer, "title": string, "similarCaseRescordOutcomeStatus": enum (`SimilarCaseOutcomeStatus`), "priority": enum (`LegacyCasePriority`), "creationTimeUnixTimeInMs": string, "scorePercent": integer, "isClosed": boolean, "closeRootCause": string, "closeComment": string }

{
  "id": integer,
  "title": string,
  "similarCaseRescordOutcomeStatus": enum (SimilarCaseOutcomeStatus),
  "priority": enum (LegacyCasePriority),
  "creationTimeUnixTimeInMs": string,
  "scorePercent": integer,
  "isClosed": boolean,
  "closeRootCause": string,
  "closeComment": string
}

Fields
`id`	`integer` Output only. The similar case id.
`title`	`string` Output only. The similar case title.
`similarCaseRescordOutcomeStatus`	`enum (SimilarCaseOutcomeStatus)` Output only. The similar case outcome status.
`priority`	`enum (LegacyCasePriority)` Output only. The similar case priority.
`creationTimeUnixTimeInMs`	`string (int64 format)` Output only. The similar case creation time in milliseconds.
`scorePercent`	`integer` Output only. The similar case score percent.
`isClosed`	`boolean` Output only. The similar case closed flag.
`closeRootCause`	`string` Output only. The similar case root cause.
`closeComment`	`string` Output only. The similar case close comment.

SimilarCaseOutcomeStatus

The similar case outcome status.

Enums
`SIMILAR_CASE_OUTCOME_STATUS_UNSPECIFIED`	Unspecified similar case outcome status.
`OPEN`	Similar case outcome status is open.
`MALICIOUS`	Similar case outcome status is malicious.
`NOT_MALICIOUS`	Similar case outcome status is not malicious.
`MAINTENANCE`	Similar case outcome status is maintenance.

AnalystUserDetails

The analyst user details.

JSON representation
{ "userName": string, "fullName": string }

Fields

Fields
`userName`	`string` Output only. The user name.
`fullName`	`string` Output only. The full name.

userName

string

Output only. The user name.

fullName

string

Output only. The full name.

CaseRelatedFindingsWidget

Case related findings widget.

JSON representation

JSON representation
{ "ticketId": string, "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "ticketId": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`ticketId`	`string` Output only. The widget ticket identifier.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

EntitiesHighlightWidget

Entities highlight widget.

JSON representation

JSON representation
{ "highlightEntities": [ { object (`EntityData`) } ], "title": string, "order": integer, "type": enum (`WidgetTemplateType`), "gridColumns": enum (`WidgetTemplateGridColumns`), "description": string, "identifier": string, "jsonData": string, "errorJsonData": string, "resultStatus": enum (`WidgetResultStatus`) }

{
  "highlightEntities": [
    {
      object (EntityData)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`highlightEntities[]`	`object (EntityData)` Output only. The entities to highlight.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

EntityData

Entity data.

JSON representation

JSON representation
{ "caseId": integer, "alertIdentifier": string, "status": enum (`AlertStatus`), "identifier": string, "entityType": string, "isInternal": boolean, "isSuspicious": boolean, "isArtifact": boolean, "isPivot": boolean, "environment": string, "fieldsGroups": [ { object (`WidgetFieldGroupData`) } ], "highlightFieldsGroups": [ { object (`WidgetFieldGroupData`) } ] }

{
  "caseId": integer,
  "alertIdentifier": string,
  "status": enum (AlertStatus),
  "identifier": string,
  "entityType": string,
  "isInternal": boolean,
  "isSuspicious": boolean,
  "isArtifact": boolean,
  "isPivot": boolean,
  "environment": string,
  "fieldsGroups": [
    {
      object (WidgetFieldGroupData)
    }
  ],
  "highlightFieldsGroups": [
    {
      object (WidgetFieldGroupData)
    }
  ]
}

Fields
`caseId`	`integer` Output only. The case id of the entity.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`status`	`enum (AlertStatus)` Output only. Alert status.
`identifier`	`string` Output only. The entity identifier.
`entityType`	`string` Output only. The entity type.
`isInternal`	`boolean` Output only. Flag that indicates whether the entity is internal or not.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the entity is suspicious or not.
`isArtifact`	`boolean` Output only. Flag that indicates whether the entity is an artifact or not.
`isPivot`	`boolean` Output only. Flag that indicates whether the entity is a pivot or not.
`environment`	`string` Output only. The environment the entity belongs to.
`fieldsGroups[]`	`object (WidgetFieldGroupData)` Output only. The entity fields.
`highlightFieldsGroups[]`	`object (WidgetFieldGroupData)` Output only. The entity highlight fields.

WidgetFieldGroupData

Widget field group data.

JSON representation
{ "order": integer, "groupName": string, "items": [ { object (`WidgetFieldData`) } ], "sourceUrl": string, "isIntegration": boolean, "isHighlight": boolean, "isManuallyCreated": boolean }

Fields
`order`	`integer` Output only. Field group order.
`groupName`	`string` Output only. Field group name.
`items[]`	`object (WidgetFieldData)` Output only. The list of fields in the field group.
`sourceUrl`	`string` Output only. The entity source URL.
`isIntegration`	`boolean` Output only. Flag that indicates whether the field group is related to a specific integration or not.
`isHighlight`	`boolean` Output only. Flag that indicates whether the field group is highlighted.
`isManuallyCreated`	`boolean` Output only. Flag that indicates whether the entity is manually created or not.

WidgetFieldData

Widget field data.

JSON representation
{ "originalName": string, "name": string, "value": string }

Fields

Fields
`originalName`	`string` Output only. Field name.
`name`	`string` Output only. Field display name.
`value`	`string` Output only. Field value.

originalName

string

Output only. Field name.

name

string

Output only. Field display name.

value

string

Output only. Field value.

EventsWidget

Events widget.

JSON representation

{
  "columns": [
    string
  ],
  "rows": [
    {
      object (EventWidgetRow)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`columns[]`	`string` Output only. The columns to display.
`rows[]`	`object (EventWidgetRow)` Output only. The rows to display.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

EventWidgetRow

Event widget row.

JSON representation
{ "sourceSystemName": string, "product": string, "eventName": string, "cells": [ { object (`EventWidgetCell`) } ], "fieldsGroups": [ { object (`WidgetFieldGroupData`) } ] }

Fields
`sourceSystemName`	`string` Output only. Which alerting system raises the alert. E.g. "QRadar", "Arcsight", "Microsoft CASB". The Integration Name in soar.
`product`	`string` Output only. The product associated with the alert. E.g. DLP, WinEventLog:Security
`eventName`	`string` Output only. Event display name. For example: Email Check, Data Exfiltration, IRC etc.
`cells[]`	`object (EventWidgetCell)` Output only. The cells to display.
`fieldsGroups[]`	`object (WidgetFieldGroupData)` Output only. The event fields.

EventWidgetCell

Event widget cell.

JSON representation
{ "value": string, "relatedEntity": { object (`SecurityEntity`) } }

Fields

value

string

Output only. The cell value.

relatedEntity

object (SecurityEntity)

Output only. The related entity.

SecurityEntity

Security entity.

JSON representation

{
  "entityType": string,
  "identifier": string,
  "caseId": integer,
  "isArtifact": boolean,
  "isEnriched": boolean,
  "isVulnerable": boolean,
  "isPivot": boolean,
  "environment": string,
  "sourceUrl": string,
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ],
  "isSuspicious": boolean,
  "isInternal": boolean,
  "isManuallyCreated": boolean
}

Fields
`entityType`	`string` Output only. The entity type.
`identifier`	`string` Output only. The entity identifier.
`caseId`	`integer` Output only. The case id of the entity.
`isArtifact`	`boolean` Output only. Flag that indicates whether the entity is an artifact or not.
`isEnriched`	`boolean` Output only. Flag that indicates whether the entity is enriched or not.
`isVulnerable`	`boolean` Output only. Flag that indicates whether the entity is vulnerable or not.
`isPivot`	`boolean` Output only. Flag that indicates whether the entity is a pivot or not.
`environment`	`string` Output only. The environment the entity belongs to.
`sourceUrl`	`string` Output only. The source URL of the entity.
`fields[]`	`object (WidgetContextGroup)` Output only. The context groups.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the entity is suspicious or not.
`isInternal`	`boolean` Output only. Flag that indicates whether the entity is internal or not.
`isManuallyCreated`	`boolean` Output only. Flag that indicates whether the entity is manually created or not.

WidgetContextGroup

Widget context group.

JSON representation
{ "isHighlight": boolean, "groupName": string, "hideOptions": boolean, "items": [ { object (`ContextStringItem`) } ] }

Fields
`isHighlight`	`boolean` Output only. Flag that indicates whether the context group is a highlight.
`groupName`	`string` Output only. The group name.
`hideOptions`	`boolean` Output only. Flag that indicates whether the context group is hidden.
`items[]`	`object (ContextStringItem)` Output only. The context string items.

ContextStringItem

Context string item.

JSON representation
{ "originalName": string, "name": string, "value": string }

Fields

originalName

string

Output only. The original name of the property.

name

string

Output only. The name of the context string item.

value

string

Output only. The value of the context string item.

FormWidget

Form widget.

JSON representation

{
  "customFieldValues": [
    {
      object (CustomFieldForm)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`customFieldValues[]`	`object (CustomFieldForm)` Output only. The custom field form.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CustomFieldForm

Custom field form.

JSON representation
{ "id": integer, "mandatory": boolean, "order": integer, "isTrimmed": boolean, "values": [ string ] }

Fields
`id`	`integer` Output only. The unique identifier of the custom field.
`mandatory`	`boolean` Output only. Flag that indicates whether the form is mandatory or not.
`order`	`integer` Output only. The order in which the custom field appears within the form. Lower values indicate that the field should appear first.
`isTrimmed`	`boolean` Output only. Flag that indicates whether the form is trimmed or not.
`values[]`	`string` Output only. The values of the form.

GraphWidget

Graph widget.

JSON representation

{
  "investigator": {
    object (Investigator)
  },
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`investigator`	`object (Investigator)` Output only. The investigator to display.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

Investigator

Investigator.

JSON representation

{
  "nodes": [
    {
      object (GraphNodeGroup)
    }
  ],
  "relations": [
    {
      object (GraphRelationGroup)
    }
  ],
  "alerts": [
    {
      object (ApiSecurityAlertDetails)
    }
  ],
  "caseId": integer,
  "caseTitle": string,
  "lastModifed": string,
  "assignedUser": string,
  "tags": [
    string
  ],
  "priority": enum (LegacyCasePriority),
  "environment": string,
  "status": enum (CaseStatus)
}

Fields
`nodes[]`	`object (GraphNodeGroup)` Output only. The nodes to display.
`relations[]`	`object (GraphRelationGroup)` Output only. The relations to display.
`alerts[]`	`object (ApiSecurityAlertDetails)` Output only. The alerts to display.
`caseId`	`integer` Output only. The case id.
`caseTitle`	`string` Output only. The case title.
`lastModifed`	`string` Output only. The last modified time of the case.
`assignedUser`	`string` Output only. The assigned user.
`tags[]`	`string` Output only. The tags of the case.
`priority`	`enum (LegacyCasePriority)` Output only. The case priority.
`environment`	`string` Output only. The environment of the case.
`status`	`enum (CaseStatus)` Output only. The case status.

GraphNodeGroup

Graph node group.

JSON representation
{ "primaryNode": { object (`GraphNode`) }, "nodes": [ { object (`GraphNode`) } ] }

Fields

primaryNode

object (GraphNode)

Output only. The primary node.

nodes[]

object (GraphNode)

Output only. The nodes to display.

GraphNode

Graph node.

JSON representation

{
  "isInternal": boolean,
  "isSuspicious": boolean,
  "isArtifact": boolean,
  "isVulnerable": boolean,
  "isPivot": boolean,
  "identifier": string,
  "alertIdentifier": string,
  "type": string,
  "sourceUrl": string,
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ]
}

Fields
`isInternal`	`boolean` Output only. Flag that indicates whether the node is internal or not.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the node is suspicious or not.
`isArtifact`	`boolean` Output only. Flag that indicates whether the node is an artifact or not.
`isVulnerable`	`boolean` Output only. Flag that indicates whether the node is vulnerable or not.
`isPivot`	`boolean` Output only. Flag that indicates whether the node is a pivot or not.
`identifier`	`string` Output only. The node identifier.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`type`	`string` Output only. The type of the node.
`sourceUrl`	`string` Output only. The source URL.
`fields[]`	`object (WidgetContextGroup)` Output only. The context groups.

GraphRelationGroup

Graph relation group.

JSON representation

{
  "fromType": string,
  "toType": string,
  "identifier": string,
  "fromIdentifier": string,
  "toIdentifier": string,
  "primaryRelation": {
    object (GraphRelation)
  },
  "relations": [
    {
      object (GraphRelation)
    }
  ]
}

Fields
`fromType`	`string` Output only. The from type of the relation.
`toType`	`string` Output only. The to type of the relation.
`identifier`	`string` Output only. The relation identifier.
`fromIdentifier`	`string` Output only. The from identifier.
`toIdentifier`	`string` Output only. The to identifier.
`primaryRelation`	`object (GraphRelation)` Output only. The primary relation.
`relations[]`	`object (GraphRelation)` Output only. The relations to display.

GraphRelation

Graph relation.

JSON representation
{ "eventId": string, "fromIdentifier": string, "toIdentifier": string, "identifier": string, "type": string, "fields": [ { object (`GraphRelationPropertyValue`) } ] }

Fields
`eventId`	`string` Output only. The event identifier.
`fromIdentifier`	`string` Output only. The from identifier.
`toIdentifier`	`string` Output only. The to identifier.
`identifier`	`string` Output only. The graph relation identifier.
`type`	`string` Output only. The type of the relation.
`fields[]`	`object (GraphRelationPropertyValue)` Output only. The graph relation property fields.

GraphRelationPropertyValue

The graph relation property value.

JSON representation
{ "key": string, "value": string }

Fields

key

string

Output only. The property key.

value

string

Output only. The property value.

ApiSecurityAlertDetails

Security alert details.

JSON representation

{
  "ticketId": string,
  "status": enum (AlertStatus),
  "identifier": string,
  "hasWorkflows": boolean,
  "workflowsStatus": enum (WorkflowStatus),
  "sourceSystemName": string,
  "securityEventCards": [
    {
      object (ApiSecurityEventDetails)
    }
  ],
  "entityCards": [
    {
      object (ApiSecurityEntityCard)
    }
  ],
  "productFamilies": [
    string
  ],
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ],
  "name": string,
  "product": string,
  "startTimeUnixTimeInMs": string,
  "apiSlaExpiration": {
    object (AlertCardSla)
  },
  "isManualAlert": boolean,
  "priority": enum (LegacyCasePriority)
}

Fields
`ticketId`	`string` Output only. The ticket id.
`status`	`enum (AlertStatus)` Output only. The alert status.
`identifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`hasWorkflows`	`boolean` Output only. Flag that indicates whether the alert has workflows or not.
`workflowsStatus`	`enum (WorkflowStatus)` Output only. The workflow status.
`sourceSystemName`	`string` Output only. The source system name.
`securityEventCards[]`	`object (ApiSecurityEventDetails)` Output only. The security event cards.
`entityCards[]`	`object (ApiSecurityEntityCard)` Output only. The entity cards of the alert.
`productFamilies[]`	`string` Output only. The product families of the alert.
`fields[]`	`object (WidgetContextGroup)` Output only. The fields of the alert.
`name`	`string` Output only. The alert name.
`product`	`string` Output only. The product of the alert.
`startTimeUnixTimeInMs`	`string (int64 format)` Output only. The start time of the alert.
`apiSlaExpiration`	`object (AlertCardSla)` Output only. The alert SLA.
`isManualAlert`	`boolean` Output only. Flag that indicates whether the alert is manual or not.
`priority`	`enum (LegacyCasePriority)` Output only. The alert priority.

ApiSecurityEventDetails

Security event details.

JSON representation

{
  "caseId": integer,
  "eventId": string,
  "alertIdentifier": string,
  "eventName": string,
  "product": string,
  "sources": [
    {
      object (EntityKey)
    }
  ],
  "destinations": [
    {
      object (EntityKey)
    }
  ],
  "artifactes": [
    {
      object (EntityKey)
    }
  ],
  "port": string,
  "outcome": string,
  "deviceEventClassId": string,
  "fields": [
    {
      object (WidgetContextGroup)
    }
  ],
  "timestamp": string
}

Fields
`caseId`	`integer` Output only. The case id.
`eventId`	`string` Output only. The event id.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`eventName`	`string` Output only. The event name.
`product`	`string` Output only. The product name.
`sources[]`	`object (EntityKey)` Output only. The sources of the event.
`destinations[]`	`object (EntityKey)` Output only. The destinations of the event.
`artifactes[]`	`object (EntityKey)` Output only. The entities of the event.
`port`	`string` Output only. The port of the event.
`outcome`	`string` Output only. The outcome of the event.
`deviceEventClassId`	`string` Output only. The event class id of the event.
`fields[]`	`object (WidgetContextGroup)` Output only. The fields of the event.
`timestamp`	`string (Timestamp format)` Output only. The timestamp of the event. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.

ApiSecurityEntityCard

Security entity card.

JSON representation
{ "identifier": string, "entityType": string, "isSuspicious": boolean, "linkedEntities": [ { object (`ApiSecurityEntityCard`) } ], "direction": enum (`SecurityEntityDirection`) }

Fields
`identifier`	`string` Output only. The entity identifier.
`entityType`	`string` Output only. The entity type.
`isSuspicious`	`boolean` Output only. Flag that indicates whether the entity is suspicious or not.
`linkedEntities[]`	`object (ApiSecurityEntityCard)` Output only. The linked entities of the alert.
`direction`	`enum (SecurityEntityDirection)` Output only. The entity direction of the alert.

SecurityEntityDirection

The security entity direction.

Enums
`SECURITY_ENTITY_DIRECTION_UNSPECIFIED`	Unspecified entity direction.
`NONE`	Entity direction is none.
`INBOUND`	Entity direction is inbound.
`OUTBOUND`	Entity direction is outbound.
`BOTH`	Entity direction is both.

HtmlWidget

HTML widget.

JSON representation

{
  "htmlContent": string,
  "htmlHeight": integer,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus),
  "safeRendering": boolean
}

Fields
`htmlContent`	`string` Output only. The html content.
`htmlHeight`	`integer` Output only. The html height.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.
`safeRendering`	`boolean` Output only. The html is safe to render.

InsightsWidget

Insights widget.

JSON representation

{
  "insights": [
    {
      object (CaseInsight)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`insights[]`	`object (CaseInsight)` Output only. The insights to display.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CaseInsight

Case insight.

JSON representation

{
  "alertIdentifier": string,
  "caseId": integer,
  "triggeredBy": string,
  "title": string,
  "content": string,
  "entity": {
    object (SecurityEntity)
  },
  "severity": enum (CaseInsightSeverity),
  "type": enum (CaseInsightType),
  "additionalDataType": enum (CaseInsightType),
  "additionalData": string,
  "additionalDataTitle": string,
  "creatorUserName": string
}

Fields
`alertIdentifier`	`string` Output only. The alert identifier.
`caseId`	`integer` Output only. The case id.
`triggeredBy`	`string` Output only. The triggered by.
`title`	`string` Output only. The insight title.
`content`	`string` Output only. The insight content.
`entity`	`object (SecurityEntity)` Output only. The entity associated with the insight.
`severity`	`enum (CaseInsightSeverity)` Optional. Case insight severity.
`type`	`enum (CaseInsightType)` Optional. Case insight type.
`additionalDataType`	`enum (CaseInsightType)` Optional. Case additional data insight type.
`additionalData`	`string` Optional. Case Insight additional data.
`additionalDataTitle`	`string` Optional. Case Insight additional data.
`creatorUserName`	`string` Output only. The creator user name.

JsonResultsWidget

Json result widget.

JSON representation

{
  "jsonResult": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`jsonResult`	`string` Output only. The json result.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

KeyValueWidget

Key value widget.

JSON representation

{
  "keyValues": [
    {
      object (KeyValueStatistics)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`keyValues[]`	`object (KeyValueStatistics)` Output only. The key value statistics.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

KeyValueStatistics

Key value statistics.

JSON representation
{ "key": string, "commonValue": string, "values": [ string ], "commonValueCount": integer, "totalValuesCount": integer, "order": integer }

Fields
`key`	`string` Output only. The key.
`commonValue`	`string` Output only. The common value.
`values[]`	`string` Output only. The values.
`commonValueCount`	`integer` Output only. The common value count.
`totalValuesCount`	`integer` Output only. The total values count.
`order`	`integer` Output only. The key value statistics order.

WorkflowPendingStepsWidget

Workflow pending step widget.

JSON representation

{
  "pendingSteps": [
    {
      object (WorkflowPendingStep)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`pendingSteps[]`	`object (WorkflowPendingStep)` Output only. The list of pending steps.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

WorkflowPendingStep

Workflow pending step.

JSON representation

{
  "workflowIdentifier": string,
  "parentWorkflowIdentifier": string,
  "workflowInstanceIdentifier": integer,
  "caseId": integer,
  "indicatorIdentifier": string,
  "alertGroupIdentifier": string,
  "status": enum (PendingStepStatus),
  "executingUser": string,
  "resultCode": integer,
  "message": string,
  "resultValue": string,
  "results": [
    {
      object (ScriptResultEntityData)
    }
  ],
  "targetEntities": [
    {
      object (PendingStepSecurityEntity)
    }
  ],
  "resultEntities": [
    {
      object (PendingStepSecurityEntity)
    }
  ],
  "properties": {
    string: string,
    ...
  },
  "actionDef": {
    object (PendingStepActionDefinition)
  },
  "blockStepId": string,
  "jsonResultObject": string,
  "integrationInstanceIdentifier": string,
  "integrationInstanceName": string,
  "integrationInstanceEnvironment": string,
  "description": string,
  "pendingStepProperties": {
    object (WorkflowPendingStepInstance)
  },
  "stepInstanceIdentifier": string,
  "identifier": string,
  "originalStepIdentifier": string,
  "isAutomatic": boolean,
  "isSkippable": boolean,
  "crationTimeUnixTimeInMs": string,
  "modifiedTimeUnixTimeInMs": string,
  "instanceName": string,
  "name": string,
  "integration": string,
  "actionProvider": string,
  "actionName": string,
  "type": enum (WorkflowStepType),
  "parameters": [
    {
      object (WorkflowStepParameter)
    }
  ],
  "autoSkipOnFailure": boolean,
  "isDebugMockData": boolean,
  "allowedToExecute": boolean,
  "loopIteration": integer
}

Fields
`workflowIdentifier`	`string` Output only. The workflow identifier associated with the pending step.
`parentWorkflowIdentifier`	`string` Output only. The parent workflow identifier associated with the pending step.
`workflowInstanceIdentifier`	`integer` Output only. The workflow instance identifier associated with the pending step.
`caseId`	`integer` Output only. The case id associated with the pending step.
`indicatorIdentifier`	`string` Output only. The identifier of the indicator associated with the pending step.
`alertGroupIdentifier`	`string` Output only. The alert group identifier associated with the pending step.
`status`	`enum (PendingStepStatus)` Output only. The pending step status.
`executingUser`	`string` Output only. The user who is executing the pending step.
`resultCode`	`integer` Output only. The result code of the pending step.
`message`	`string` Output only. The result message of the pending step.
`resultValue`	`string` Output only. The result value of the pending step.
`results[]`	`object (ScriptResultEntityData)` Output only. The result entity data of the pending step.
`targetEntities[]`	`object (PendingStepSecurityEntity)` Output only. The target entities of the pending step.
`resultEntities[]`	`object (PendingStepSecurityEntity)` Output only. The result entities of the pending step.
`properties`	`map (key: string, value: string)` Output only. The properties of the pending step. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }`.
`actionDef`	`object (PendingStepActionDefinition)` Output only. The action definition of the pending step.
`blockStepId`	`string` Output only. The block step identifier of the workflow pending step.
`jsonResultObject`	`string` Output only. The json result object of the workflow pending step.
`integrationInstanceIdentifier`	`string` Output only. The integration instance identifier of the workflow pending step.
`integrationInstanceName`	`string` Output only. The integration instance name of the workflow pending step.
`integrationInstanceEnvironment`	`string` Output only. The integration instance environment of the workflow pending step.
`description`	`string` Output only. The integration instance description of workflow pending step.
`pendingStepProperties`	`object (WorkflowPendingStepInstance)` Output only. The pending step properties of the workflow pending step.
`stepInstanceIdentifier`	`string` Output only. The step instance identifier of the workflow pending step.
`identifier`	`string` Output only. The identifier of the workflow pending step.
`originalStepIdentifier`	`string` Output only. The identifier of the original workflow pending step.
`isAutomatic`	`boolean` Output only. The flag that indicates whether the workflow step is automatic or not.
`isSkippable`	`boolean` Output only. The flag that indicates whether the workflow step is skippable or not.
`crationTimeUnixTimeInMs`	`string (int64 format)` Output only. The creation time unix time in milliseconds of the workflow step.
`modifiedTimeUnixTimeInMs`	`string (int64 format)` Output only. The modified time unix time in milliseconds of the workflow step.
`instanceName`	`string` Output only. The instance name of the workflow step.
`name`	`string` Output only. The name of the workflow step.
`integration`	`string` Output only. The integration of the workflow step.
`actionProvider`	`string` Output only. The action provider of the workflow step.
`actionName`	`string` Output only. The action name of the workflow step.
`type`	`enum (WorkflowStepType)` Output only. The type of the workflow step.
`parameters[]`	`object (WorkflowStepParameter)` Output only. The workflow step parameters.
`autoSkipOnFailure`	`boolean` Output only. The flag that indicates whether the workflow step is auto skip on failure or not.
`isDebugMockData`	`boolean` Output only. The flag that indicates whether the workflow step is debug mock data or not.
`allowedToExecute`	`boolean` Output only. The flag that indicates whether the pending step is allowed to execute.
`loopIteration`	`integer` Output only. The loop iteration of the workflow pending step.

PendingStepStatus

Pending step action status.

Enums
`ACTION_STATUS_UNSPECIFIED`	Unspecified action status.
`NO_STATUS`	Action is not started.
`FAULTED`	Action is faulted.
`IN_PROGRESS`	Action is in progress.
`COMPLETED`	Action is completed.
`PENDING_USER_INPUT`	Action is pending user input.
`PENDING_PREVIOUS_STEPS`	Action is pending previous steps.
`STARTED`	Action is started.
`FAULTED_AND_SKIPPED`	Action is faulted and skipped.
`HANDLED_TIMEDOUT`	Action is timed out.
`UNHANDLED_TIMEDOUT`	Action is unhandled timed out.
`TERMINATED`	Action is terminated.
`NOT_RUN_AND_SKIPPED`	Action is not run and skipped.
`PENDING_ACTION_TIMEOUT`	Action is pending action timeout.
`PENDING_ACTION_TIMEOUT_AND_SKIPPED`	Action is pending action timeout and skipped.

PendingStepSecurityEntity

The pending step security entity.

JSON representation

{
  "caseId": integer,
  "identifier": string,
  "entityType": string,
  "isInternal": boolean,
  "isSuspicious": boolean,
  "isArtifact": boolean,
  "isEnriched": boolean,
  "isVulnerable": boolean,
  "isPivot": boolean,
  "environment": string,
  "fields": [
    {
      object (PendingStepSecurityEntityPropertyValue)
    }
  ],
  "isManuallyCreated": boolean
}

Fields
`caseId`	`integer` Output only. The case id of the pending step.
`identifier`	`string` Output only. The identifier of the entity.
`entityType`	`string` Output only. The entity type of the entity.
`isInternal`	`boolean` Output only. The flag that indicates whether the entity is internal.
`isSuspicious`	`boolean` Output only. The flag that indicates whether the entity is suspicious.
`isArtifact`	`boolean` Output only. The flag that indicates whether the entity is an artifact.
`isEnriched`	`boolean` Output only. The flag that indicates whether the entity is enriched.
`isVulnerable`	`boolean` Output only. The flag that indicates whether the entity is vulnerable.
`isPivot`	`boolean` Output only. The flag that indicates whether the entity is a pivot.
`environment`	`string` Output only. The environment of the entity.
`fields[]`	`object (PendingStepSecurityEntityPropertyValue)` Output only. The fields of the pending step security entity.
`isManuallyCreated`	`boolean` Output only. The flag that indicates whether the entity is manually created.

PendingStepSecurityEntityPropertyValue

The pending step security entity property value.

JSON representation
{ "key": string, "value": string }

Fields

key

string

Output only. The key of the pending step security entity property value.

value

string

Output only. The value of the pending step security entity property value.

PendingStepActionDefinition

The action definition of the pending step.

JSON representation

{
  "name": string,
  "description": string,
  "script": string,
  "integrationIdentifier": string,
  "scriptResultName": string,
  "dynamicResultsMetadata": [
    {
      object (DynamicResultMetadata)
    }
  ],
  "creator": string,
  "version": number,
  "id": integer,
  "parameters": [
    {
      object (PendingStepActionDefinitionParameter)
    }
  ],
  "timeoutSeconds": integer,
  "asyncPollingIntervalInSeconds": integer,
  "totalIntervalTimeoutForAsyncInSeconds": integer,
  "defaultResultValue": string,
  "integrationInstances": [
    {
      object (ActionIntegrationInstance)
    }
  ],
  "hasJsonResult": boolean,
  "actionWidgetTemplateIdentifier": string,
  "isEnabled": boolean,
  "isAsync": boolean
}

Fields
`name`	`string` Output only. The name of the action definition.
`description`	`string` Output only. The description of the action definition.
`script`	`string` Output only. The script of the action definition.
`integrationIdentifier`	`string` Output only. The integration identifier of the action definition.
`scriptResultName`	`string` Output only. The script result name of the action definition.
`dynamicResultsMetadata[]`	`object (DynamicResultMetadata)` Output only. The dynamic result metadata of the action definition.
`creator`	`string` Output only. The creator of the action definition.
`version`	`number` Output only. The version of the action definition.
`id`	`integer` Output only. The id of the action definition.
`parameters[]`	`object (PendingStepActionDefinitionParameter)` Output only. The parameters of the action definition.
`timeoutSeconds`	`integer` Output only. The timeout seconds of the action definition.
`asyncPollingIntervalInSeconds`	`integer` Output only. The async polling interval seconds of the action definition.
`totalIntervalTimeoutForAsyncInSeconds`	`integer` Output only. The total interval timeout for async in seconds of the action definition.
`defaultResultValue`	`string` Output only. The default result value of the action definition.
`integrationInstances[]`	`object (ActionIntegrationInstance)` Output only. The integration instances of the action definition.
`hasJsonResult`	`boolean` Output only. The flag that indicates whether the action definition has json result or not.
`actionWidgetTemplateIdentifier`	`string` Output only. The action widget template identifier of the action definition.
`isEnabled`	`boolean` Output only. The flag that indicates whether the action definition is enabled.
`isAsync`	`boolean` Output only. The flag that indicates whether the action definition is async.

PendingStepActionDefinitionParameter

The action parameters of the action definition.

JSON representation

{
  "id": integer,
  "creationTimeUnixTimeInMs": string,
  "modifiedTimeUnixTimeInMs": string,
  "customActionId": string,
  "isMandatory": boolean,
  "defaultValue": string,
  "description": string,
  "name": string,
  "value": string,
  "type": enum (PendingStepActionDefinitionParameterType),
  "optionalValues": [
    string
  ]
}

Fields
`id`	`integer` Output only. The id of the action parameter.
`creationTimeUnixTimeInMs`	`string (int64 format)` Output only. The creation time of the action parameter.
`modifiedTimeUnixTimeInMs`	`string (int64 format)` Output only. The modified time of the action parameter.
`customActionId`	`string (int64 format)` Output only. The custom action id of the action parameter.
`isMandatory`	`boolean` Output only. The flag that indicates whether the action parameter is mandatory.
`defaultValue`	`string` Output only. The default value of the action parameter.
`description`	`string` Output only. The description of the action parameter.
`name`	`string` Output only. The name of the action parameter.
`value`	`string` Output only. The value of the action parameter.
`type`	`enum (PendingStepActionDefinitionParameterType)` Output only. The type of the action parameter.
`optionalValues[]`	`string` Output only. The optional values of the action parameter.

PendingStepActionDefinitionParameterType

The action parameter type of the action parameter.

Enums
`PENDING_STEP_ACTION_DEFINITION_PARAMETER_TYPE_UNSPECIFIED`	The action parameter type is unspecified.
`STRING`	The action parameter type is string.
`BOOLEAN`	The action parameter type is boolean.
`WFS_REPOSITORY`	The action parameter type is WFS repository.
`USER_REPOSITORY`	The action parameter type is user repository.
`STAGES_REPOSITORY`	The action parameter type is stages repository.
`CLOSE_CASE_REASON_REPOSITORY`	The action parameter type is close case reason repository.
`CLOSE_CASE_ROOT_CAUSE_REPOSITORY`	The action parameter type is close case root cause repository.
`PRIORITIES_REPOSITORY`	The action parameter type is priorities repository.
`EMAIL_CONTENT`	The action parameter type is email content.
`CONTENT`	The action parameter type is content.
`PASSWORD`	The action parameter type is password.
`ENTITY_TYPE`	The action parameter type is entity type.
`MULTI_VALUES`	The action parameter type is multi values.
`LIST`	The action parameter type is list.
`CODE`	The action parameter type is code.
`TIME_SPAN_SECONDS`	The action parameter type is time span seconds.
`MULTIPLE_CHOICE_PARAMETER`	The action parameter type is multiple choice.

ActionIntegrationInstance

The integration instance of the action definition.

JSON representation

{
  "identifier": string,
  "integrationIdentifier": string,
  "environmentIdentifier": string,
  "instanceName": string,
  "instanceDescription": string,
  "isConfigured": boolean,
  "isRemote": boolean,
  "isSystemDefault": boolean
}

Fields
`identifier`	`string` Output only. The identifier of the integration instance.
`integrationIdentifier`	`string` Output only. The identifier of the integration instance.
`environmentIdentifier`	`string` Output only. The environment identifier of the integration instance.
`instanceName`	`string` Output only. The instance name of the integration instance.
`instanceDescription`	`string` Output only. The instance description of the integration instance.
`isConfigured`	`boolean` Output only. The flag that indicates whether the integration instance is configured or not.
`isRemote`	`boolean` Output only. The flag that indicates whether the integration instance is remote or not.
`isSystemDefault`	`boolean` Output only. The flag that indicates whether the integration instance is system default or not.

WorkflowPendingStepInstance

The workflow pending step instance.

JSON representation

{
  "pendingStepTimeUnixTimeInMs": string,
  "caseTitle": string,
  "alertName": string,
  "messageToAssignee": string,
  "slaExpiration": {
    object (Sla)
  },
  "casePriority": enum (LegacyCasePriority),
  "alertPriority": enum (LegacyCasePriority),
  "pendingStepExpirationTimeUnixTimeInMs": string
}

Fields
`pendingStepTimeUnixTimeInMs`	`string (int64 format)` Output only. The pending step time unix time in milliseconds of the action definition.
`caseTitle`	`string` Output only. The case title of the action definition.
`alertName`	`string` Output only. The alert name of the action definition.
`messageToAssignee`	`string` Output only. The message to assignee of the action definition.
`slaExpiration`	`object (Sla)` Output only. The SLA of the action definition.
`casePriority`	`enum (LegacyCasePriority)` Output only. The case priority of the action definition.
`alertPriority`	`enum (LegacyCasePriority)` Output only. The alert priority of the action definition.
`pendingStepExpirationTimeUnixTimeInMs`	`string (int64 format)` Output only. The pending step expiration time unix time in milliseconds of the action definition.

WorkflowStepType

The workflow step type.

Enums
`WORKFLOW_STEP_TYPE_UNSPECIFIED`	The workflow step type is unspecified.
`ACTION`	The workflow step type is action.
`MULTI_CHOICE_QUESTION`	The workflow step type is multi choice question.
`PREVIOUS_ACTION`	The workflow step type is previous action.
`CASE_DATA_CONDITION`	The workflow step type is case data condition.
`CONDITION`	The workflow step type is condition.
`BLOCK`	The workflow step type is block.
`OUTPUT`	The workflow step type is output.
`PARALLEL_ACTIONS_CONTAINER`	The workflow step type is parallel actions container.
`FOR_EACH_START_LOOP`	The workflow step type is for each start loop.
`FOR_EACH_END_LOOP`	The workflow step type is for each end loop.

WorkflowStepParameter

The workflow step parameter.

JSON representation
{ "name": string, "value": string, "type": enum (`WorkflowStepParameterType`), "isMandatory": boolean, "defaultValue": string }

Fields
`name`	`string` Output only. The name of the workflow step parameter.
`value`	`string` Output only. The value of the workflow step parameter.
`type`	`enum (WorkflowStepParameterType)` Output only. The type of the workflow step parameter.
`isMandatory`	`boolean` Output only. The flag that indicates whether the workflow step parameter is mandatory or not.
`defaultValue`	`string` Output only. The default value of the workflow step parameter.

WorkflowStepParameterType

The workflow step parameter type.

Enums
`WORKFLOW_STEP_PARAMETER_TYPE_UNSPECIFIED`	The action parameter type is unspecified.
`STRING`	The action parameter type is string.
`BOOLEAN`	The action parameter type is boolean.
`WFS_REPOSITORY`	The action parameter type is WFS repository.
`USER_REPOSITORY`	The action parameter type is user repository.
`STAGES_REPOSITORY`	The action parameter type is stages repository.
`CLOSE_CASE_REASON_REPOSITORY`	The action parameter type is close case reason repository.
`CLOSE_CASE_ROOT_CAUSE_REPOSITORY`	The action parameter type is close case root cause repository.
`PRIORITIES_REPOSITORY`	The action parameter type is priorities repository.
`EMAIL_CONTENT`	The action parameter type is email content.
`CONTENT`	The action parameter type is content.
`PASSWORD`	The action parameter type is password.
`ENTITY_TYPE`	The action parameter type is entity type.
`MULTI_VALUES`	The action parameter type is multi values.
`LIST`	The action parameter type is list.
`CODE`	The action parameter type is code.
`TIME_SPAN_SECONDS`	The action parameter type is time span seconds.
`MULTIPLE_CHOICE_PARAMETER`	The action parameter type is multiple choice.

PotentiallyGroupedAlertsWidget

Potentially grouped alerts widget.

JSON representation

{
  "potentiallyGroupedAlerts": [
    {
      object (PotentiallyGroupedAlert)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`potentiallyGroupedAlerts[]`	`object (PotentiallyGroupedAlert)` Output only. The list of potentially grouped alerts.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

PotentiallyGroupedAlert

Potentially grouped alert.

JSON representation
{ "alertName": string, "alertIdentifier": string, "ingestionDateUnixTime": integer, "priority": enum (`LegacyCasePriority`), "caseId": integer, "caseStatus": enum (`CaseStatus`) }

Fields
`alertName`	`string` Output only. The alert name.
`alertIdentifier`	`string` Output only. The alert identifier.
`ingestionDateUnixTime`	`integer` Output only. The alert ingestion date in unix time in milliseconds.
`priority`	`enum (LegacyCasePriority)` Output only. The alert priority.
`caseId`	`integer` Output only. The alert case id.
`caseStatus`	`enum (CaseStatus)` Output only. The alert case data state.

QuickActionsWidget

Quick actions widget.

JSON representation

{
  "actions": [
    {
      object (QuickAction)
    }
  ],
  "information": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`actions[]`	`object (QuickAction)` Output only. The list of quick actions.
`information`	`string` Output only. The widget information.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

QuickAction

Quick action.

JSON representation

{
  "integrationIdentifier": string,
  "actionName": string,
  "order": integer,
  "quickButton": {
    object (QuickActionButton)
  },
  "parametersList": [
    {
      object (QuickActionParameterValue)
    }
  ],
  "instanceId": string,
  "instanceConfiguration": {
    object (QuickActionInstanceConfiguration)
  },
  "entitiesGroup": string
}

Fields
`integrationIdentifier`	`string` Output only. The action integration identifier.
`actionName`	`string` Output only. The action name.
`order`	`integer` Output only. The order for this action in the widget.
`quickButton`	`object (QuickActionButton)` Output only. The quick button for this action.
`parametersList[]`	`object (QuickActionParameterValue)` Output only. The parameters for this action.
`instanceId`	`string` Output only. The action instance id.
`instanceConfiguration`	`object (QuickActionInstanceConfiguration)` Output only. The configuration for this action instance.
`entitiesGroup`	`string` Output only. The entities group for this action.

SiemAlertsWidget

Siem alerts widget.

JSON representation

{
  "siemAlertIds": [
    string
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`siemAlertIds[]`	`string` Output only. The list of siem alerts ids.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

StatisticsWidget

Statistics widget.

JSON representation

{
  "fields": [
    {
      object (FieldDistribution)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`fields[]`	`object (FieldDistribution)` Output only. The field distribution.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

FieldDistribution

Field distribution.

JSON representation
{ "displayFieldName": string, "rawFieldName": string, "values": [ { object (`FieldValueData`) } ] }

Fields

displayFieldName

string

Output only. The field name.

rawFieldName

string

Output only. The raw field name.

values[]

object (FieldValueData)

Output only. The field values.

FieldValueData

Field value data.

JSON representation
{ "value": string, "count": integer, "percentage": integer }

Fields

value

string

Output only. The field value.

count

integer

Output only. The count of the field value.

percentage

integer

Output only. The percentage of the field value.

TextWidget

Text widget.

JSON representation

{
  "text": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`text`	`string` Output only. The text of the widget.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

TimelineWidget

Timeline widget.

JSON representation

{
  "alerts": [
    {
      object (AlertCard)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`alerts[]`	`object (AlertCard)` Output only. The time line widget title.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

WallActivitiesWidget

Wall activities widget.

JSON representation

{
  "wallActivities": [
    {
      object (CaseWallActivity)
    }
  ],
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`wallActivities[]`	`object (CaseWallActivity)` Output only. The case wall activities.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

CaseWallActivity

Case wall activity.

JSON representation

{
  "creatorUserId": string,
  "creatorFullName": string,
  "id": integer,
  "type": enum (CaseWallActivityType),
  "caseId": integer,
  "isFavorite": boolean,
  "modificationTimeUnixTimeInMs": string,
  "creationTimeUnixTimeInMs": string,
  "alertIdentifier": string,
  "title": string
}

Fields
`creatorUserId`	`string` Output only. The creator user id.
`creatorFullName`	`string` Output only. The creator full name.
`id`	`integer` Output only. The wall activity id.
`type`	`enum (CaseWallActivityType)` Output only. The case wall activity type.
`caseId`	`integer` Output only. The case id.
`isFavorite`	`boolean` Output only. Flag that indicates whether the case is a favorite.
`modificationTimeUnixTimeInMs`	`string (int64 format)` Output only. The wall activity modification unixtime in milliseconds.
`creationTimeUnixTimeInMs`	`string (int64 format)` Output only. The wall activity creation unixtime in milliseconds.
`alertIdentifier`	`string` Output only. The alert identifier. This is a unique identifier for the alert. Format: {alertName}_{ticketId}
`title`	`string` Output only. The wall activity title.

CaseWallActivityType

Casewall activity type.

Enums
`WALL_ACTIVITY_TYPE_UNSPECIFIED`	The wall activity type is unspecified.
`CASE_ALERT_DATA`	The wall activity type is case alert data.
`CASE_STATUS_CHANGE`	The wall activity type is case status change.
`CASE_TASK`	The wall activity type is case task.
`CASE_ACTION`	The wall activity type is case action.
`CASE_EVIDENCE`	The wall activity type is case evidence.
`CASE_COMMENT`	The wall activity type is case comment.
`CASE_INSIGHT`	The wall activity type is case insight.
`CASE_CREATION`	The wall activity type is case creation.
`CASE_EXTERNAL_CHANNEL_MESSAGE`	The wall activity type is case external channel message.
`PINNED_CASE_CHAT_MESSAGE`	The wall activity type is case pinned chat message.
`CASE_LINK`	The wall activity type is case link.

RuleOverviewWidget

Rule overview widget.

JSON representation

{
  "ruleId": string,
  "title": string,
  "order": integer,
  "type": enum (WidgetTemplateType),
  "gridColumns": enum (WidgetTemplateGridColumns),
  "description": string,
  "identifier": string,
  "jsonData": string,
  "errorJsonData": string,
  "resultStatus": enum (WidgetResultStatus)
}

Fields
`ruleId`	`string` Output only. The rule id.
`title`	`string` Output only. The widget title.
`order`	`integer` Output only. The widget order.
`type`	`enum (WidgetTemplateType)` Output only. The widget template type.
`gridColumns`	`enum (WidgetTemplateGridColumns)` Output only. The widget template grid columns.
`description`	`string` Output only. The widget description.
`identifier`	`string` Output only. The widget identifier.
`jsonData`	`string` Output only. The widget json data.
`errorJsonData`	`string` Output only. The widget error json data.
`resultStatus`	`enum (WidgetResultStatus)` Output only. The widget result status.

Method: cases.resolveOverviewWidget Stay organized with collections Save and categorize content based on your preferences.

HTTP request

Path parameters

Query parameters

Request body

Response body

Authorization scopes

IAM Permissions

AlertOverviewWidget

AlertCard

AlertCardSla

AlertCardFieldGroupData

AlertCardFieldData

WidgetTemplateType

WidgetTemplateGridColumns

WidgetResultStatus

CaseApsGrapthWidget

CaseAssistantWidget

AiCaseAssistantStatus

CaseAssistantSummaryData

CaseAssistantType

CaseAssistantReasonsData

CaseAssistantNextStepsData

CaseDescriptionWidget

CaseImpactedResourcesWidget

CaseRecommendationsWidget

SimilarCase

SimilarCaseOutcomeStatus

AnalystUserDetails

CaseRelatedFindingsWidget

EntitiesHighlightWidget

EntityData

WidgetFieldGroupData

WidgetFieldData

EventsWidget

EventWidgetRow

EventWidgetCell

SecurityEntity

WidgetContextGroup

ContextStringItem

FormWidget

CustomFieldForm

GraphWidget

Investigator

GraphNodeGroup

GraphNode

GraphRelationGroup

GraphRelation

GraphRelationPropertyValue

ApiSecurityAlertDetails

ApiSecurityEventDetails

ApiSecurityEntityCard

SecurityEntityDirection

HtmlWidget

InsightsWidget

CaseInsight

JsonResultsWidget

KeyValueWidget

KeyValueStatistics

WorkflowPendingStepsWidget

WorkflowPendingStep

PendingStepStatus

PendingStepSecurityEntity

PendingStepSecurityEntityPropertyValue

PendingStepActionDefinition

PendingStepActionDefinitionParameter

PendingStepActionDefinitionParameterType

ActionIntegrationInstance

WorkflowPendingStepInstance

WorkflowStepType

WorkflowStepParameter

WorkflowStepParameterType

PotentiallyGroupedAlertsWidget

PotentiallyGroupedAlert

QuickActionsWidget

QuickAction

SiemAlertsWidget

StatisticsWidget

FieldDistribution

FieldValueData

Method: cases.resolveOverviewWidget