Method: instances.findEntityAlerts

Full name: projects.locations.instances.findEntityAlerts

Get alerts for an entity. The API returns a maximum of 1000 alerts for the requested entity.

HTTP request

GET https://{endpoint}/v1beta/{instance}:findEntityAlerts

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
instance

string

Required. The ID of the instance to summarize the entity for. Format: projects/{project}/locations/{location}/instances/{instance}

Query parameters

Parameters
timeRange

object (Interval)

Required. Time range to retrieve the alerts for, given as the half-open interval [inclusive start time, exclusive end time).

Union parameter id. Identifier to find the entity. id can be only one of the following:
entityId

string

ID of the entity.

fieldAndValue

object (FieldAndValue)

Field path or type with value to identify entity.

Request body

The request body must be empty.

Response body

Response message to retrieve alerts for an entity.

If successful, the response body contains data with the following structure:

JSON representation
{
  "alertCounts": [
    {
      object (AlertCountByRule)
    }
  ],
  "hasMoreAlerts": boolean,
  "timeline": {
    object (Timeline)
  }
}
Fields
alertCounts[]

object (AlertCountByRule)

Rule names with alert count for each.

hasMoreAlerts

boolean

Indicates if there are more alerts than the limit (1000 currently).

timeline

object (Timeline)

Bucketed timeline with alert count.
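Because the response is capped at 1000 alerts, a caller that needs complete counts has to react to hasMoreAlerts. The following is an added example, not part of the original reference or of any Google client library: it builds the request URL and bisects a truncated time range until no window is truncated. The function names, the caller-supplied `fetch` callable, and the dotted `timeRange.startTime` / `timeRange.endTime` query encoding of the Interval are assumptions.

```python
import re
from datetime import timedelta, timezone
from urllib.parse import urlencode

INSTANCE_RE = re.compile(r"^projects/[^/]+/locations/[^/]+/instances/[^/]+$")

def _ts(t):
    # RFC 3339 UTC timestamp; `t` must be a timezone-aware datetime.
    return t.astimezone(timezone.utc).isoformat().replace("+00:00", "Z")

def build_url(endpoint, instance, entity_id, start, end):
    """Build the GET URL using only the entityId arm of the `id` union."""
    if not INSTANCE_RE.match(instance):
        raise ValueError("instance must be projects/*/locations/*/instances/*")
    if not start < end:
        raise ValueError("timeRange needs start < end (end is exclusive)")
    query = urlencode({
        "entityId": entity_id,
        # Assumption: the Interval's fields are flattened with dotted names.
        "timeRange.startTime": _ts(start),
        "timeRange.endTime": _ts(end),
    })
    return f"https://{endpoint}/v1beta/{instance}:findEntityAlerts?{query}"

def fetch_complete(fetch, start, end, min_window=timedelta(seconds=1)):
    """Return [(start, end, response)] windows whose hasMoreAlerts is false.

    `fetch(start, end)` is a caller-supplied (hypothetical) function that
    sends the authorized request and returns the parsed response body.
    A truncated window is bisected; because the end time is exclusive,
    adjacent windows never count the same alert twice.
    """
    resp = fetch(start, end)
    if not resp.get("hasMoreAlerts"):
        return [(start, end, resp)]
    if end - start <= min_window:
        # Refuse to report a count that is known to be incomplete.
        raise RuntimeError(f"window at {_ts(start)} is still truncated")
    mid = start + (end - start) / 2
    return (fetch_complete(fetch, start, mid, min_window)
            + fetch_complete(fetch, mid, end, min_window))
```

Summing alertCounts across the returned windows gives totals that are not silently clipped at the 1000-alert limit.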

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

  • chronicle.entities.findEntityAlerts

For more information, see the IAM documentation.