Chronicle API

The Google Cloud Security Operations API (Chronicle API) provides endpoints that help analysts investigate and mitigate security threats throughout their lifecycle.

Service: chronicle.googleapis.com

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints.This service has the following service endpoints and all URIs below are relative to these service endpoints:

  • https://us-chronicle.googleapis.com
  • https://eu-chronicle.googleapis.com
  • https://europe-chronicle.googleapis.com
  • https://africa-south1-chronicle.googleapis.com
  • https://asia-east1-chronicle.googleapis.com
  • https://asia-northeast1-chronicle.googleapis.com
  • https://asia-northeast3-chronicle.googleapis.com
  • https://asia-south1-chronicle.googleapis.com
  • https://asia-southeast1-chronicle.googleapis.com
  • https://asia-southeast2-chronicle.googleapis.com
  • https://australia-southeast1-chronicle.googleapis.com
  • https://europe-central2-chronicle.googleapis.com
  • https://europe-west12-chronicle.googleapis.com
  • https://europe-west2-chronicle.googleapis.com
  • https://europe-west3-chronicle.googleapis.com
  • https://europe-west6-chronicle.googleapis.com
  • https://europe-west9-chronicle.googleapis.com
  • https://me-central1-chronicle.googleapis.com
  • https://me-central2-chronicle.googleapis.com
  • https://me-west1-chronicle.googleapis.com
  • https://northamerica-northeast2-chronicle.googleapis.com
  • https://southamerica-east1-chronicle.googleapis.com

REST Resource: v1beta.projects.locations.instances

Methods
computeAllFindingsRefinementActivities POST /v1beta/{instance}:computeAllFindingsRefinementActivities
Returns findings refinement activity for all findings refinements.
extractSyslog POST /v1beta/{instance}:extractSyslog
ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.
findEntity GET /v1beta/{instance}:findEntity
Identifies the entity type and retrieves relevant data associated with a specified indicator.
findEntityAlerts GET /v1beta/{instance}:findEntityAlerts
Get alerts for an entity.
findRelatedEntities GET /v1beta/{instance}:findRelatedEntities
Finds all the entities associated with provided entity.
findUdmFieldValues GET /v1beta/{instance}:findUdmFieldValues
Finds ingested UDM field values that match a query.
generateCollectionAgentAuth POST /v1beta/{name}:generateCollectionAgentAuth
GenerateCollectionAgentAuth generates an auth json file for the collection agent.
generateUdmKeyValueMappings POST /v1beta/{instance}:generateUdmKeyValueMappings
GenerateUDMKeyValueMappings generates key value mapping of a raw log.
get GET /v1beta/{name}
Gets a Instance.
getBigQueryExport GET /v1beta/{name}
Get the BigQuery export configuration for a Chronicle instance.
getEnrichmentCombination GET /v1beta/{name}
Get the EnrichmentCombination.
getRiskConfig GET /v1beta/{name}
Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.
getThreatCollectionFilterSet GET /v1beta/{name}
Get the set of threat collection filter options.
listAllFindingsRefinementDeployments GET /v1beta/{instance}:listAllFindingsRefinementDeployments
Lists all findings refinement deployments.
queryProductSourceStats GET /v1beta/{instance}:queryProductSourceStats
Gets available product sources along with their stats.
searchEntities GET /v1beta/{instance}:searchEntities
Identifies the entity type and retrieves relevant data associated with a specified indicator.
submitResponseFeedback POST /v1beta/{instance}:submitResponseFeedback
Submits user feedback for a specific platform interaction or feature.
summarizeEntitiesFromQuery GET /v1beta/{instance}:summarizeEntitiesFromQuery
Parses the query and identifies the entities contained within the search query.
summarizeEntity GET /v1beta/{instance}:summarizeEntity
Returns all entity data over specified time.
testFindingsRefinement POST /v1beta/{instance}:testFindingsRefinement
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.
udmSearch GET /v1beta/{instance}:udmSearch
Performs a UDM search that returns matching events for the query.
updateBigQueryExport PATCH /v1beta/{bigQueryExport.name}
Update the BigQuery export configuration for a Chronicle instance.
updateRiskConfig PATCH /v1beta/{riskConfig.name}
Updates RiskConfig used for the computation of Entity Risk Score.
validateQuery GET /v1beta/{instance}:validateQuery
Validates UDM search query by compiling the query.
verifyReferenceList POST /v1beta/{instance}:verifyReferenceList
VerifyReferenceList validates list content and returns line errors, if any.
verifyRuleText POST /v1beta/{instance}:verifyRuleText
Verifies the given rule text.

REST Resource: v1beta.projects.locations.instances.alertGroupingRules

Methods
create POST /v1beta/{parent}/alertGroupingRules
Creates a new alert grouping rule.
delete DELETE /v1beta/{name}
Deletes an alert grouping rule.
get GET /v1beta/{name}
Gets an alert grouping rule.
list GET /v1beta/{parent}/alertGroupingRules
Lists alert grouping rules.
patch PATCH /v1beta/{alertGroupingRule.name}
Updates an existing alert grouping rule.

REST Resource: v1beta.projects.locations.instances.announcements

Methods
create POST /v1beta/{parent}/announcements
Creates a new announcement.
delete DELETE /v1beta/{name}
Deletes an announcement.
get GET /v1beta/{name}
Gets a specific announcement.
list GET /v1beta/{parent}/announcements
Lists announcements for a specific instance.
patch PATCH /v1beta/{announcement.name}
Updates an existing announcement.

REST Resource: v1beta.projects.locations.instances.bigQueryExport

Methods
provision POST /v1beta/{parent}/bigQueryExport:provision
Provision the BigQuery export for a Chronicle instance.

REST Resource: v1beta.projects.locations.instances.caseCloseDefinitions

Methods
create POST /v1beta/{parent}/caseCloseDefinitions
Creates a new CaseCloseDefinition.
delete DELETE /v1beta/{name}
Deletes a CaseCloseDefinition.
get GET /v1beta/{name}
Gets a single CaseCloseDefinition by its resource name.
list GET /v1beta/{parent}/caseCloseDefinitions
Lists all CaseCloseDefinitions.
patch PATCH /v1beta/{caseCloseDefinition.name}
Updates an existing CaseCloseDefinition.

REST Resource: v1beta.projects.locations.instances.caseQueueFilters

Methods
create POST /v1beta/{parent}/caseQueueFilters
Creates a new CaseQueueFilter.
delete DELETE /v1beta/{name}
Deletes a CaseQueueFilter.
get GET /v1beta/{name}
Gets a single CaseQueueFilter by its resource name.
getShareConfig GET /v1beta/{name}
Gets the ShareConfig for a specific CaseQueueFilter.
list GET /v1beta/{parent}/caseQueueFilters
Lists CaseQueueFilters available to the user.
patch PATCH /v1beta/{caseQueueFilter.name}
Updates an existing CaseQueueFilter.
updateShareConfig PATCH /v1beta/{shareConfig.name}
Updates the ShareConfig for a specific CaseQueueFilter.

REST Resource: v1beta.projects.locations.instances.caseStageDefinitions

Methods
create POST /v1beta/{parent}/caseStageDefinitions
Creates a new CaseStageDefinition.
delete DELETE /v1beta/{name}
Deletes a CaseStageDefinition.
get GET /v1beta/{name}
Gets a single CaseStageDefinition by its resource name.
list GET /v1beta/{parent}/caseStageDefinitions
Lists all CaseStageDefinitions available in the instance.
patch PATCH /v1beta/{caseStageDefinition.name}
Updates an existing CaseStageDefinition.

REST Resource: v1beta.projects.locations.instances.caseTagDefinitions

Methods
create POST /v1beta/{parent}/caseTagDefinitions
Creates a new CaseTagDefinition.
delete DELETE /v1beta/{name}
Deletes a CaseTagDefinition.
get GET /v1beta/{name}
Gets a single CaseTagDefinition by its resource name.
import POST /v1beta/{parent}/caseTagDefinitions:import
Imports CaseTagDefinitions from a CSV file.
list GET /v1beta/{parent}/caseTagDefinitions
Lists all CaseTagDefinitions available in the instance.
patch PATCH /v1beta/{caseTagDefinition.name}
Updates an existing CaseTagDefinition.

REST Resource: v1beta.projects.locations.instances.cases

Methods
addTag POST /v1beta/{name}:addTag
Adds a tag to a Case.
createInsight POST /v1beta/{name}:createInsight
Adds an insight to a Case.
executeBulkAddTag POST /v1beta/{parent}/cases:executeBulkAddTag
Adds a tag to multiple cases in a single operation.
executeBulkAssign POST /v1beta/{parent}/cases:executeBulkAssign
Assigns multiple cases to a specific analyst or SOC role in bulk.
executeBulkChangePriority POST /v1beta/{parent}/cases:executeBulkChangePriority
Changes the priority level for multiple cases in bulk.
executeBulkChangeStage POST /v1beta/{parent}/cases:executeBulkChangeStage
Updates the case stage for multiple cases in bulk.
executeBulkClose POST /v1beta/{parent}/cases:executeBulkClose
Closes multiple cases in a single operation.
executeBulkReopen POST /v1beta/{parent}/cases:executeBulkReopen
Reopens multiple previously closed cases in a single operation.
generateReport POST /v1beta/{name}:generateReport
Generates a report for a Case in a specified format (e.g., PDF, HTML).
get GET /v1beta/{name}
Gets a single Case by its resource name.
getCaseOverviewData GET /v1beta/{name}:caseOverviewData
Retrieves the case view metadaata.
list GET /v1beta/{parent}/cases
Lists Cases in an instance.
merge POST /v1beta/{parent}/cases:merge
Merges one or more cases into a single destination case.
patch PATCH /v1beta/{case.name}
Updates an existing Case.
pauseSla POST /v1beta/{name}:pauseSla
Pauses the Service Level Agreement (SLA) timer for a specific Case.
removeTag POST /v1beta/{name}:removeTag
Removes a tag from a Case.
resolveOverviewWidget GET /v1beta/{name}:resolveOverviewWidget
Resolves updated data for a specific case overview widget.
resumeSla POST /v1beta/{name}:resumeSla
Resumes a previously paused SLA timer for a Case.

REST Resource: v1beta.projects.locations.instances.cases.alerts.customFieldValues

Methods
batchUpdate POST /v1beta/{parent}/customFieldValues:batchUpdate
Performs a bulk update of multiple custom field values in a single operation.
get GET /v1beta/{name}
Gets a single custom field value by its resource name.
list GET /v1beta/{parent}/customFieldValues
Lists all custom field values for a specific case or alert.
patch PATCH /v1beta/{customFieldValue.name}
Updates (or creates if not present) the value of a custom field.

REST Resource: v1beta.projects.locations.instances.cases.caseAlerts

Methods
createRecommendationLongRunning POST /v1beta/{parent}:createRecommendationLongRunning
Initiates an asynchronous request to generate a new AI recommendation for an alert.
fetchRecommendation GET /v1beta/{parent}/caseAlerts:fetchRecommendation
Fetches a previously generated AI-driven recommendation for an alert.
get GET /v1beta/{name}
Gets a single CaseAlert.
getAlertOverviewData GET /v1beta/{name}:alertOverviewData
Retrieves a view of widgets for a specific alert.
list GET /v1beta/{parent}/caseAlerts
Lists CaseAlerts within a specific Case.
listAlertViews GET /v1beta/{name}:listAlertViews
Lists the different UI views available for presenting an alert's data.
move POST /v1beta/{name}:move
Moves a CaseAlert to a different Case.
patch PATCH /v1beta/{caseAlert.name}
Updates an existing CaseAlert.
pauseSla POST /v1beta/{name}:pauseSla
Pauses the SLA timer for a CaseAlert.
resolveOverviewWidget GET /v1beta/{name}:resolveOverviewWidget
Resolves the data for a specific alert overview widget.
resumeSla POST /v1beta/{name}:resumeSla
Resumes a previously paused SLA timer for a CaseAlert.
setSla POST /v1beta/{name}:setSla
Sets the Service Level Agreement (SLA) for a specific CaseAlert.

REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.connectorEvents

Methods
get GET /v1beta/{name}
Get a ConnectorEvent.
getFormatted GET /v1beta/{parent}/connectorEvents:formatted
Get a formatted ConnectorEvents for a given case/alert.
list GET /v1beta/{parent}/connectorEvents
List page of ConnectorEvents.

REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.contextProperties

Methods
clearAll POST /v1beta/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1beta/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1beta/{name}
Deletes a specific context property.
get GET /v1beta/{name}
Gets a single context property by its resource name.
list GET /v1beta/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1beta/{contextProperty.name}
Updates an existing context property.

REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.involvedEntities

Methods
addProperty POST /v1beta/{name}:addProperty
Adds a new custom property to an InvolvedEntity.
create POST /v1beta/{parent}/involvedEntities
Manually adds a new InvolvedEntity to a case and alert.
fetchCards GET /v1beta/{parent}/involvedEntities:fetchCards
Returns metadate of each involved entity in a specific alert, including their connectivity and high-level status.
get GET /v1beta/{name}
Gets a single InvolvedEntity by its resource name.
list GET /v1beta/{parent}/involvedEntities
Lists all InvolvedEntities associated with a specific case and alert.
patch PATCH /v1beta/{involvedEntity.name}
Updates an existing InvolvedEntity.
updateProperty POST /v1beta/{name}:updateProperty
Updates the value of an existing custom property on an InvolvedEntity.

REST Resource: v1beta.projects.locations.instances.cases.caseComments

Methods
create POST /v1beta/{parent}/caseComments
Creates a new CaseComment.
delete DELETE /v1beta/{name}
Performs a soft delete of a CaseComment.
get GET /v1beta/{name}
Gets a single CaseComment by its resource name.
list GET /v1beta/{parent}/caseComments
Lists CaseComments associated with a specific Case.
patch PATCH /v1beta/{caseComment.name}
Updates an existing CaseComment.

REST Resource: v1beta.projects.locations.instances.cases.caseWallRecords

Methods
favorite PATCH /v1beta/{favoriteRequest.name}:favorite
Sets or unsets (toggles) the favorite status of a wall record.
fetchActivitiesCount GET /v1beta/{parent}/caseWallRecords:fetchActivitiesCount
Returns the count of case activities, optionally filtered by type.
get GET /v1beta/{name}
Gets a single CaseWallRecord by its resource name.
list GET /v1beta/{parent}/caseWallRecords
Lists CaseWallRecords for a specific Case.

REST Resource: v1beta.projects.locations.instances.cases.chatMessages

Methods
create POST /v1beta/{parent}/chatMessages
Creates a new ChatMessage in a Case.
get GET /v1beta/{name}
Gets a single ChatMessage by its resource name.
list GET /v1beta/{parent}/chatMessages
Lists ChatMessages for a specific Case.
pinMessage POST /v1beta/{name}:pinMessage
Pins a specific ChatMessage to the Case wall.
unpinMessage POST /v1beta/{name}:unpinMessage
Unpins a pinned ChatMessage from the Case wall.
unreadMessagesCount GET /v1beta/{parent}/chatMessages:unreadMessagesCount
Returns the number of ChatMessages in the Case chat that the current user has not yet read.
upload POST /v1beta/{parent}/chatMessages:createWithAttachment
POST /upload/v1beta/{parent}/chatMessages:createWithAttachment
Creates a ChatMessage in a Case and uploads a ChatMessageAttachment.

REST Resource: v1beta.projects.locations.instances.cases.chatMessages.attachments

Methods
download GET /v1beta/{name}:download
Downloads the raw content of a ChatMessageAttachment.

REST Resource: v1beta.projects.locations.instances.cases.contextProperties

Methods
clearAll POST /v1beta/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1beta/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1beta/{name}
Deletes a specific context property.
get GET /v1beta/{name}
Gets a single context property by its resource name.
list GET /v1beta/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1beta/{contextProperty.name}
Updates an existing context property.

REST Resource: v1beta.projects.locations.instances.cases.customFieldValues

Methods
batchUpdate POST /v1beta/{parent}/customFieldValues:batchUpdate
Performs a bulk update of multiple custom field values in a single operation.
get GET /v1beta/{name}
Gets a single custom field value by its resource name.
list GET /v1beta/{parent}/customFieldValues
Lists all custom field values for a specific case or alert.
patch PATCH /v1beta/{customFieldValue.name}
Updates (or creates if not present) the value of a custom field.

REST Resource: v1beta.projects.locations.instances.contentHub.contentPacks

Methods
add POST /v1beta/{parent}/contentPacks:add
Creates a new custom ContentPack.
alignPlaybooks POST /v1beta/{name}:alignPlaybooks
Aligns playbooks in a content pack with configured integration instances.
delete DELETE /v1beta/{name}
Deletes a specific ContentPack.
deployConnectorInstances POST /v1beta/{name}:deployConnectorInstances
Deploys connector instances from a content pack.
deployPlaybooks POST /v1beta/{name}:deployPlaybooks
Deploys playbooks contained within a content pack.
deployTestCases POST /v1beta/{name}:deployTestCases
Deploys test cases from a content pack into the SecOps instance.
download GET /v1beta/{name}:exportPack
Exports a content pack as a ZIP file.
get GET /v1beta/{name}
Gets a single ContentPack by its resource name.
installIntegration POST /v1beta/{name}:installIntegration
Installs a specific integration from a content pack.
list GET /v1beta/{parent}/contentPacks
Lists ContentPacks available in the Content Hub.
markAsDeployed POST /v1beta/{name}:markAsDeployed
Marks a content pack as fully deployed.
upload POST /v1beta/{parent}/contentPacks:importPack
POST /upload/v1beta/{parent}/contentPacks:importPack
Imports a content pack from a ZIP file (up to 500MB).

REST Resource: v1beta.projects.locations.instances.contentHub.featuredContentNativeDashboards

Methods
get GET /v1beta/{name}
Get a native dashboard featured content.
install POST /v1beta/{name}:install
Install a native dashboard featured content.
list GET /v1beta/{parent}/featuredContentNativeDashboards
List all native dashboards featured content.

REST Resource: v1beta.projects.locations.instances.contentHub.featuredContentRules

Methods
list GET /v1beta/{parent}/featuredContentRules
Lists FeaturedContentRules

REST Resource: v1beta.projects.locations.instances.contextProperties

Methods
clearAll POST /v1beta/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1beta/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1beta/{name}
Deletes a specific context property.
get GET /v1beta/{name}
Gets a single context property by its resource name.
list GET /v1beta/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1beta/{contextProperty.name}
Updates an existing context property.

REST Resource: v1beta.projects.locations.instances.coverageDetails

Methods
list GET /v1beta/{parent}/coverageDetails
List coverage details for threat collection and rule combinations.

REST Resource: v1beta.projects.locations.instances.customLists

Methods
batchDelete POST /v1beta/{parent}/customLists:batchDelete
Deletes multiple custom list entries in a single operation.
create POST /v1beta/{parent}/customLists
Creates a new custom list entry.
delete DELETE /v1beta/{name}
Deletes a specific custom list entry.
export POST /v1beta/{parent}/customLists:export
Exports selected custom lists as a CSV file.
get GET /v1beta/{name}
Gets a single custom list entry by its resource name.
import POST /v1beta/{parent}/customLists:import
Imports multiple custom list entries from a CSV file.
list GET /v1beta/{parent}/customLists
Lists all custom list entries in the instance.
patch PATCH /v1beta/{customList.name}
Updates an existing custom list entry.

REST Resource: v1beta.projects.locations.instances.dashboardCharts

Methods
batchGet GET /v1beta/{parent}/dashboardCharts:batchGet
Get dashboard charts in batches.
get GET /v1beta/{name}
Get a dashboard chart.

REST Resource: v1beta.projects.locations.instances.dashboardQueries

Methods
execute POST /v1beta/{parent}/dashboardQueries:execute
Execute a query and return the data.
get GET /v1beta/{name}
Get a dashboard query.

REST Resource: v1beta.projects.locations.instances.dataAccessLabels

Methods
create POST /v1beta/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1beta/{name}
Deletes a data access label.
get GET /v1beta/{name}
Gets a data access label.
list GET /v1beta/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1beta/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1beta.projects.locations.instances.dataAccessScopes

Methods
create POST /v1beta/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1beta/{name}
Deletes a data access scope.
get GET /v1beta/{name}
Retrieves an existing data access scope.
list GET /v1beta/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1beta/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1beta.projects.locations.instances.dataTableOperationErrors

Methods
get GET /v1beta/{name}
Get the error for a data table operation.

REST Resource: v1beta.projects.locations.instances.dataTables

Methods
create POST /v1beta/{parent}/dataTables
Create a new data table.
delete DELETE /v1beta/{name}
Delete data table.
get GET /v1beta/{name}
Get data table info.
list GET /v1beta/{parent}/dataTables
List data tables.
patch PATCH /v1beta/{dataTable.name}
Update data table.

REST Resource: v1beta.projects.locations.instances.dataTables.dataTableRows

Methods
bulkCreate POST /v1beta/{parent}/dataTableRows:bulkCreate
Create data table rows in bulk.
bulkCreateAsync POST /v1beta/{parent}/dataTableRows:bulkCreateAsync
Create data table rows in bulk asynchronously.
bulkGet POST /v1beta/{parent}/dataTableRows:bulkGet
Get data table rows in bulk.
bulkReplace POST /v1beta/{parent}/dataTableRows:bulkReplace
Replace all existing data table rows with new data table rows.
bulkReplaceAsync POST /v1beta/{parent}/dataTableRows:bulkReplaceAsync
Replace all existing data table rows with new data table rows asynchronously.
bulkUpdate POST /v1beta/{parent}/dataTableRows:bulkUpdate
Update data table rows in bulk.
bulkUpdateAsync POST /v1beta/{parent}/dataTableRows:bulkUpdateAsync
Update data table rows in bulk asynchronously.
create POST /v1beta/{parent}/dataTableRows
Create a new data table row.
delete DELETE /v1beta/{name}
Delete data table row.
get GET /v1beta/{name}
Get data table row
list GET /v1beta/{parent}/dataTableRows
List data table rows.
patch PATCH /v1beta/{dataTableRow.name}
Update data table row

REST Resource: v1beta.projects.locations.instances.dynamicParameters

Methods
create POST /v1beta/{parent}/dynamicParameters
Creates a new DynamicParameter.
delete DELETE /v1beta/{name}
Deletes a DynamicParameter.
export POST /v1beta/{parent}/dynamicParameters:export
Exports all DynamicParameters defined in the instance to a CSV file.
get GET /v1beta/{name}
Gets a single DynamicParameter by its resource name.
import POST /v1beta/{parent}/dynamicParameters:import
Imports DynamicParameters from a CSV file.
list GET /v1beta/{parent}/dynamicParameters
Lists all DynamicParameters defined in the instance.
patch PATCH /v1beta/{dynamicParameter.name}
Updates an existing DynamicParameter.

REST Resource: v1beta.projects.locations.instances.emailTemplates

Methods
batchDelete POST /v1beta/{parent}/emailTemplates:batchDelete
Deletes multiple email templates in a single operation.
create POST /v1beta/{parent}/emailTemplates
Creates a new EmailTemplate.
delete DELETE /v1beta/{name}
Deletes a specific EmailTemplate.
export POST /v1beta/{parent}/emailTemplates:export
Exports selected email templates as a CSV file.
get GET /v1beta/{name}
Gets a single EmailTemplate by its resource name.
import POST /v1beta/{parent}/emailTemplates:import
Imports multiple email templates from a CSV file.
list GET /v1beta/{parent}/emailTemplates
Lists all EmailTemplates available in the instance.
patch PATCH /v1beta/{emailTemplate.name}
Updates an existing EmailTemplate.

REST Resource: v1beta.projects.locations.instances.enrichmentControls

Methods
create POST /v1beta/{parent}/enrichmentControls
Create an EnrichmentControl resource.
disable POST /v1beta/{name}:disable
Disable an EnrichmentControl.
get GET /v1beta/{name}
Get an EnrichmentControl.
list GET /v1beta/{parent}/enrichmentControls
List all EnrichmentControls.

REST Resource: v1beta.projects.locations.instances.entities

Methods
get GET /v1beta/{name}
Gets an entity by name.
import POST /v1beta/{parent}/entities:import
ImportEntities import the entities.

REST Resource: v1beta.projects.locations.instances.entitiesBlocklists

Methods
create POST /v1beta/{parent}/entitiesBlocklists
Creates a new EntitiesBlocklist.
delete DELETE /v1beta/{name}
Deletes an EntitiesBlocklist.
get GET /v1beta/{name}
Gets a single EntitiesBlocklist.
list GET /v1beta/{parent}/entitiesBlocklists
Lists EntitiesBlocklists.
patch PATCH /v1beta/{entitiesBlocklist.name}
Updates an existing EntitiesBlocklist.

REST Resource: v1beta.projects.locations.instances.environmentGroups

Methods
create POST /v1beta/{parent}/environmentGroups
Creates a new EnvironmentGroup.
delete DELETE /v1beta/{name}
Deletes a specific EnvironmentGroup.
get GET /v1beta/{name}
Gets a single EnvironmentGroup by its name.
list GET /v1beta/{parent}/environmentGroups
Lists all EnvironmentGroups available in the instance.
patch PATCH /v1beta/{environmentGroup.name}
Updates an existing EnvironmentGroup.

REST Resource: v1beta.projects.locations.instances.environments

Methods
create POST /v1beta/{parent}/environments
Creates a new Environment.
delete DELETE /v1beta/{name}
Deletes a specific Environment.
get GET /v1beta/{name}
Gets a single Environment by its resource name.
list GET /v1beta/{parent}/environments
Lists all Environments available in the instance.
patch PATCH /v1beta/{environment.name}
Updates an existing Environment.
resetWeights POST /v1beta/{name}/environments:resetWeights
Resets the resource distribution weights for all environments.

REST Resource: v1beta.projects.locations.instances.events

Methods
batchGet GET /v1beta/{parent}/events:batchGet
Gets a batch (list) of events given a list of names and a parent.
fetchEnrichedEvent GET /v1beta/{name}:fetchEnrichedEvent
Gets the enriched event for a given event id.
get GET /v1beta/{name}
Gets an event given a name.
import POST /v1beta/{parent}/events:import
ImportEvents import the events.

REST Resource: v1beta.projects.locations.instances.feedPacks

Methods
get GET /v1beta/{name}
Gets a feed pack.
list GET /v1beta/{parent}/feedPacks
Lists Packs for which feeds can be configured.

REST Resource: v1beta.projects.locations.instances.feedServiceAccounts

Methods
fetchServiceAccountForCustomer GET /v1beta/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

REST Resource: v1beta.projects.locations.instances.feedSourceTypeSchemas

Methods
list GET /v1beta/{parent}/feedSourceTypeSchemas
List all FeedSourceTypeSchemas.

REST Resource: v1beta.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

Methods
list GET /v1beta/{parent}/logTypeSchemas
List all LogTypeSchemas compatible with a given FeedSourceType.

REST Resource: v1beta.projects.locations.instances.feeds

Methods
create POST /v1beta/{parent}/feeds
Creates a feed.
delete DELETE /v1beta/{name}
Deletes a feed.
disable POST /v1beta/{name}:disable
Disable feed for ingestion.
enable POST /v1beta/{name}:enable
Enable feed for ingestion.
generateSecret POST /v1beta/{name}:generateSecret
Generates a new secret for https push feeds which do not support jwt tokens.
get GET /v1beta/{name}
Gets a feed.
importPushLogs POST /v1beta/{parent}:importPushLogs
Import logs coming from https push feeds.
list GET /v1beta/{parent}/feeds
Lists all feeds for the customer.
patch PATCH /v1beta/{feed.name}
Updates the full feed.

REST Resource: v1beta.projects.locations.instances.findingsRefinements

Methods
computeFindingsRefinementActivity POST /v1beta/{name}:computeFindingsRefinementActivity
Returns findings refinement activity for a specific findings refinement.
create POST /v1beta/{parent}/findingsRefinements
Creates a new findings refinement.
get GET /v1beta/{name}
Gets a single findings refinement.
getDeployment GET /v1beta/{name}
Gets a findings refinement deployment.
list GET /v1beta/{parent}/findingsRefinements
Lists a collection of findings refinements.
patch PATCH /v1beta/{findingsRefinement.name}
Updates a findings refinement.
updateDeployment PATCH /v1beta/{findingsRefinementDeployment.name}
Updates a findings refinement deployment.

REST Resource: v1beta.projects.locations.instances.formDynamicParameters

Methods
get GET /v1beta/{name}
Gets a single FormDynamicParameter by its resource name.
list GET /v1beta/{parent}/formDynamicParameters
Lists all FormDynamicParameters defined in the instance.
saveForm POST /v1beta/{parent}/formDynamicParameters:saveForm
Saves the complete set of dynamic parameters for a specific form type.

REST Resource: v1beta.projects.locations.instances.forwarders

Methods
create POST /v1beta/{parent}/forwarders
Create a forwarder.
delete DELETE /v1beta/{name}
Delete a forwarder by forwarder ID.
generateForwarderFiles GET /v1beta/{name}:generateForwarderFiles
Generates a forwarder's configuration files.
get GET /v1beta/{name}
Get a forwarder by forwarder ID.
importStatsEvents POST /v1beta/{name}:importStatsEvents
ImportStatsEvents imports stats events from a forwarder.
list GET /v1beta/{parent}/forwarders
List all forwarders for the instance.
patch PATCH /v1beta/{forwarder.name}
Update a forwarder.

REST Resource: v1beta.projects.locations.instances.forwarders.collectors

Methods
create POST /v1beta/{parent}/collectors
Create a collector.
delete DELETE /v1beta/{name}
Delete a collector by collector ID.
get GET /v1beta/{name}
Get a collector by collector ID.
list GET /v1beta/{parent}/collectors
List all collectors for the forwarder.
patch PATCH /v1beta/{collector.name}
Update a collector.

REST Resource: v1beta.projects.locations.instances.ingestionLogLabels

Methods
list GET /v1beta/{parent}/ingestionLogLabels
Returns the ingestion log labels for the customer.

REST Resource: v1beta.projects.locations.instances.ingestionLogNamespaces

Methods
list GET /v1beta/{parent}/ingestionLogNamespaces
Lists ingestion log namespaces for the customer.

REST Resource: v1beta.projects.locations.instances.integrations

Methods
create POST /v1beta/{parent}/integrations
Creates a new custom SOAR Integration.
delete DELETE /v1beta/{name}
Deletes a specific custom Integration.
download GET /v1beta/{name}:export
Exports the entire integration package as a ZIP file.
downloadDependency POST /v1beta/{name}:downloadDependency
Initiates the download of a Python dependency (e.g., a library from PyPI) for a custom integration.
exportIntegrationItems GET /v1beta/{name}:exportItems
Exports specific items from an integration into a ZIP folder.
fetchAffectedItems GET /v1beta/{name}:fetchAffectedItems
Identifies all system items (e.g., connector instances, job instances, playbooks) that would be affected by a change to or deletion of this integration.
fetchAgentIntegrations GET /v1beta/{parent}:fetchAgentIntegrations
Returns the set of integrations currently installed and configured on a specific agent.
fetchCommercialDiff GET /v1beta/{name}:fetchCommercialDiff
Returns the difference between the current integration and its matching commercial version in the Marketplace.
fetchDependencies GET /v1beta/{name}:fetchDependencies
Returns the complete list of Python dependencies currently associated with a custom integration.
fetchRestrictedAgents GET /v1beta/{name}:fetchRestrictedAgents
Identifies remote agents that would be restricted from running an updated version of the integration, typically due to environment incompatibilities like unsupported Python versions.
get GET /v1beta/{name}
Gets a single Integration by its resource name.
getFetchProductionDiff GET /v1beta/{name}:fetchProductionDiff
Returns the difference between the staging integration and its matching production version.
getFetchStagingDiff GET /v1beta/{name}:fetchStagingDiff
Returns the difference between the production integration and its corresponding staging version.
import POST /v1beta/{parent}/integrations:import
POST /upload/v1beta/{parent}/integrations:import
Imports a complete integration package from a ZIP file (up to 500MB).
importIntegrationDependency POST /v1beta/{name}:uploadDependency
POST /upload/v1beta/{name}:uploadDependency
Uploads a raw dependency file (e.g., a wheel file or binary) to an existing custom integration.
importIntegrationItems POST /v1beta/{name}:importItems
POST /upload/v1beta/{name}:importItems
Imports individual integration items (actions, jobs, connectors, etc.) from a ZIP file into an existing custom integration.
list GET /v1beta/{parent}/integrations
Lists all Integrations installed in the instance.
patch PATCH /v1beta/{integration.name}
Updates an existing Integration's metadata.
pushToProduction POST /v1beta/{name}:pushToProduction
Transitions an integration from staging to production mode.
pushToStaging POST /v1beta/{name}:pushToStaging
Transitions an integration from production back to staging mode.
updateCustomIntegration POST /v1beta/{updateCustomIntegrationPayload.integration.name}:updateCustomIntegration
Updates a custom integration definition, including its parameters and dependencies.
upload POST /v1beta/{parent}/integrations:extractIntegrationDetails
POST /upload/v1beta/{parent}/integrations:extractIntegrationDetails
Parses an integration ZIP file and returns its constituent items and metadata without importing it.

REST Resource: v1beta.projects.locations.instances.integrations.actions

Methods
create POST /v1beta/{parent}/actions
Creates a new custom IntegrationAction within an integration.
delete DELETE /v1beta/{name}
Deletes a specific custom IntegrationAction.
executeTest POST /v1beta/{parent}/actions:executeTest
Executes a test run of an action's script.
fetchActionsByEnvironment GET /v1beta/{parent}/actions:fetchActionsByEnvironment
Lists actions that are executable within specified environments.
fetchTemplate GET /v1beta/{parent}/actions:fetchTemplate
Retrieves a default Python script template for a new integration action.
get GET /v1beta/{name}
Gets a single IntegrationAction.
list GET /v1beta/{parent}/actions
Lists all IntegrationActions for a specific integration.
patch PATCH /v1beta/{integrationAction.name}
Updates an existing IntegrationAction.

REST Resource: v1beta.projects.locations.instances.integrations.actions.revisions

Methods
create POST /v1beta/{parent}/revisions
Creates a new saved revision (snapshot) of the current action definition.
delete DELETE /v1beta/{name}
Deletes a specific action revision.
list GET /v1beta/{parent}/revisions
Lists all revisions for a specific action.
rollback POST /v1beta/{name}:rollback
Reverts the current action definition to a previously saved revision.

REST Resource: v1beta.projects.locations.instances.integrations.connectors

Methods
create POST /v1beta/{parent}/connectors
Creates a new custom IntegrationConnector.
delete DELETE /v1beta/{name}
Deletes a specific custom IntegrationConnector.
executeTest POST /v1beta/{parent}/connectors:executeTest
Executes a test run of a connector's Python script.
fetchTemplate GET /v1beta/{parent}/connectors:fetchTemplate
Returns a default Python script template for an integration connector.
get GET /v1beta/{name}
Gets a single IntegrationConnector by its resource name.
list GET /v1beta/{parent}/connectors
Lists all IntegrationConnectors defined for a specific integration.
patch PATCH /v1beta/{integrationConnector.name}
Updates an existing custom IntegrationConnector.

REST Resource: v1beta.projects.locations.instances.integrations.connectors.connectorInstances

Methods
create POST /v1beta/{parent}/connectorInstances
Creates a new ConnectorInstance based on a connector definition.
delete DELETE /v1beta/{name}
Deletes a ConnectorInstance.
fetchLatestDefinition GET /v1beta/{parent}:fetchLatestDefinition
Refreshes a connector instance with the latest definition from the integration.
get GET /v1beta/{name}
Gets a single ConnectorInstance by its resource name.
list GET /v1beta/{parent}/connectorInstances
Lists ConnectorInstances for a specific connector definition.
patch PATCH /v1beta/{connectorInstance.name}
Updates an existing ConnectorInstance.
runOnDemand POST /v1beta/{name}:runOnDemand
Triggers an immediate, single execution of the connector.
setLogsCollection POST /v1beta/{name}:setLogsCollection
Enables or disables debug log collection for a connector instance.

REST Resource: v1beta.projects.locations.instances.integrations.connectors.connectorInstances.logs

Methods
get GET /v1beta/{name}
Gets a single ConnectorInstanceLog.
list GET /v1beta/{parent}/logs
Lists all ConnectorInstanceLogs for a given ConnectorInstance.

REST Resource: v1beta.projects.locations.instances.integrations.connectors.contextProperties

Methods
clearAll POST /v1beta/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1beta/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1beta/{name}
Deletes a specific context property.
get GET /v1beta/{name}
Gets a single context property by its resource name.
list GET /v1beta/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1beta/{contextProperty.name}
Updates an existing context property.

REST Resource: v1beta.projects.locations.instances.integrations.connectors.revisions

Methods
create POST /v1beta/{parent}/revisions
Creates a new snapshot (revision) of the current connector definition.
delete DELETE /v1beta/{name}
Deletes a specific connector revision.
list GET /v1beta/{parent}/revisions
Lists all saved revisions of a specific connector.
rollback POST /v1beta/{name}:rollback
Restores the connector definition to the state captured in a specific revision.

REST Resource: v1beta.projects.locations.instances.integrations.integrationInstances

Methods
create POST /v1beta/{parent}/integrationInstances
Creates a new IntegrationInstance.
delete DELETE /v1beta/{name}
Deletes a specific IntegrationInstance.
executeTest POST /v1beta/{name}:executeTest
Executes a connectivity test ("ping") for a specific integration instance.
fetchAffectedItems GET /v1beta/{name}:fetchAffectedItems
Lists all playbooks that depend on a specific integration instance.
fetchDefaultInstance GET /v1beta/{parent}/integrationInstances:fetchDefaultInstance
Returns the system default configuration for a specific integration.
get GET /v1beta/{name}
Gets a single IntegrationInstance by its resource name.
list GET /v1beta/{parent}/integrationInstances
Lists all IntegrationInstances for a specific integration.
patch PATCH /v1beta/{integrationInstance.name}
Updates an existing IntegrationInstance.

REST Resource: v1beta.projects.locations.instances.integrations.jobs

Methods
create POST /v1beta/{parent}/jobs
Creates a new custom IntegrationJob.
delete DELETE /v1beta/{name}
Deletes a specific custom IntegrationJob.
executeTest POST /v1beta/{parent}/jobs:executeTest
Executes a test run of a `IntegrationJob's Python script.
fetchTemplate GET /v1beta/{parent}/jobs:fetchTemplate
Returns a default Python script template for an IntegrationJob.
get GET /v1beta/{name}
Gets a single IntegrationJob by its resource name.
list GET /v1beta/{parent}/jobs
Lists all IntegrationJobs defined for a specific integration.
patch PATCH /v1beta/{integrationJob.name}
Updates an existing custom IntegrationJob.

REST Resource: v1beta.projects.locations.instances.integrations.jobs.contextProperties

Methods
clearAll POST /v1beta/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1beta/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1beta/{name}
Deletes a specific context property.
get GET /v1beta/{name}
Gets a single context property by its resource name.
list GET /v1beta/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1beta/{contextProperty.name}
Updates an existing context property.

REST Resource: v1beta.projects.locations.instances.integrations.jobs.jobInstances

Methods
create POST /v1beta/{parent}/jobInstances
Creates a new IntegrationJobInstance from a job definition.
delete DELETE /v1beta/{name}
Deletes a specific IntegrationJobInstance.
get GET /v1beta/{name}
Gets a single IntegrationJobInstance by its resource name.
list GET /v1beta/{parent}/jobInstances
Lists all IntegrationJobInstances for a specific job definition.
patch PATCH /v1beta/{integrationJobInstance.name}
Updates an existing IntegrationJobInstance.
runOnDemand POST /v1beta/{name}:runOnDemand
Executes a scheduled background job immediately and only once, bypassing the normal schedule.

REST Resource: v1beta.projects.locations.instances.integrations.jobs.jobInstances.logs

Methods
get GET /v1beta/{name}
Gets a single JobInstanceLog entry by its resource name.
list GET /v1beta/{parent}/logs
Lists all execution logs associated with a specific job instance.

REST Resource: v1beta.projects.locations.instances.integrations.jobs.revisions

Methods
create POST /v1beta/{parent}/revisions
Creates a new saved revision (snapshot) of the current job definition.
delete DELETE /v1beta/{name}
Deletes a specific job revision.
list GET /v1beta/{parent}/revisions
Lists all historical revisions for a specific background job.
rollback POST /v1beta/{name}:rollback
Reverts the current background security job definition to a previously saved revision.

REST Resource: v1beta.projects.locations.instances.integrations.managers

Methods
create POST /v1beta/{parent}/managers
Creates a new custom IntegrationManager.
delete DELETE /v1beta/{name}
Deletes a specific custom IntegrationManager.
fetchTemplate GET /v1beta/{parent}/managers:fetchTemplate
Returns a default recommended Python script template for an integration manager.
get GET /v1beta/{name}
Gets a single IntegrationManager by its resource name.
list GET /v1beta/{parent}/managers
Lists all IntegrationManagers defined for a specific integration.
patch PATCH /v1beta/{integrationManager.name}
Updates an existing custom IntegrationManager.

REST Resource: v1beta.projects.locations.instances.integrations.managers.revisions

Methods
create POST /v1beta/{parent}/revisions
Creates a new saved revision (snapshot) of the current manager.
delete DELETE /v1beta/{name}
Deletes a specific manager revision.
get GET /v1beta/{name}
Gets a single IntegrationManagerRevision by its resource name.
list GET /v1beta/{parent}/revisions
Lists all revisions for a specific manager.
rollback POST /v1beta/{name}:rollback
Reverts the current manager definition to a previously saved revision.

REST Resource: v1beta.projects.locations.instances.iocAssociations

Methods
batchGet GET /v1beta/{parent}/iocAssociations:batchGet
Gets a batch (list) of IocAssociations given a list of names and a parent.
fetchRelated GET /v1beta/{parent}/iocAssociations:fetchRelated
List related Associations (Threat Actors or Malware Families) for a given threat resource.
get GET /v1beta/{name}
Get an Ioc Association by resource name.

REST Resource: v1beta.projects.locations.instances.iocs

Methods
batchGet GET /v1beta/{parent}/iocs:batchGet
Gets a batch (list) of iocs given a list of names and a parent.
fetchRelated GET /v1beta/{parent}/iocs:fetchRelated
List related IOCs for a given threat resource.
find POST /v1beta/{parent}/iocs:find
Gets a list of Iocs given a list of parameters that uniquely identify them.
get GET /v1beta/{name}
Get an Ioc.

REST Resource: v1beta.projects.locations.instances.labsExperiments

Methods
execute POST /v1beta/{parent}:execute
Initiates the asynchronous execution of a LabsExperiment.
get GET /v1beta/{name}
Gets a single LabsExperiment by its resource name.
list GET /v1beta/{parent}/labsExperiments
Lists all available LabsExperiments.
patch PATCH /v1beta/{labsExperiment.name}
Updates an existing LabsExperiment.

REST Resource: v1beta.projects.locations.instances.labsExperiments.executions

Methods
get GET /v1beta/{name}
Gets a single LabsExperimentExecution by its resource name.
list GET /v1beta/{parent}/executions
Lists all executions (interactions) for a specific LabsExperiment.
patch PATCH /v1beta/{labsExperimentExecution.name}
Updates an existing LabsExperimentExecution.

REST Resource: v1beta.projects.locations.instances.legacySoarUsers

Methods
getLocalization GET /v1beta/{name}
Gets the localization settings for a specific user.
getNotificationSettings GET /v1beta/{name}
Gets the notification settings for a specific user.
updateLocalization PATCH /v1beta/{userLocalization.name}
Updates the localization settings for a specific user.
updateNotificationSettings PATCH /v1beta/{notificationSettings.name}
Updates the notification settings for a specific user.

REST Resource: v1beta.projects.locations.instances.legacySoarUsers.attachments

Methods
delete DELETE /v1beta/{name}
Deletes an Attachment.
download GET /v1beta/{name}:download
Exports (downloads) an Attachment's raw content.
get GET /v1beta/{name}
Gets a single Attachment by its resource name.
list GET /v1beta/{parent}/attachments
Lists Attachments belonging to a specific user.
upload POST /v1beta/{parent}/attachments:create
POST /upload/v1beta/{parent}/attachments:create
Creates a new Attachment by uploading a file.

REST Resource: v1beta.projects.locations.instances.legacySoarUsers.userNotifications

Methods
count GET /v1beta/{parent}/userNotifications:count
Counts and returns the total number of unread notifications for a specific user.
get GET /v1beta/{name}
Gets a specific user notification.
list GET /v1beta/{parent}/userNotifications
Lists notifications for a specific user.
markAsRead POST /v1beta/{parent}/userNotifications:markAsRead
Marks specified user notifications as read.

REST Resource: v1beta.projects.locations.instances.legacySoarUsers.workdeskContacts

Methods
create POST /v1beta/{parent}/workdeskContacts
Creates a new workdesk contact for a specific user.
delete DELETE /v1beta/{name}
Deletes an existing workdesk contact.
get GET /v1beta/{name}
Gets a specific workdesk contact.
list GET /v1beta/{parent}/workdeskContacts
Lists workdesk contacts for a specific user.
patch PATCH /v1beta/{workdeskContact.name}
Updates an existing workdesk contact.

REST Resource: v1beta.projects.locations.instances.legacySoarUsers.workdeskNotes

Methods
create POST /v1beta/{parent}/workdeskNotes
Creates a new workdesk note for a specific user.
delete DELETE /v1beta/{name}
Deletes an existing workdesk note.
get GET /v1beta/{name}
Gets a specific workdesk note.
list GET /v1beta/{parent}/workdeskNotes
Lists workdesk notes for a specific user.
patch PATCH /v1beta/{workdeskNote.name}
Updates an existing workdesk note.

REST Resource: v1beta.projects.locations.instances.logTypes

Methods
generateEventTypesSuggestions POST /v1beta/{logtype}:generateEventTypesSuggestions
GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.
legacySubmitParserExtension POST /v1beta/{parent}:legacySubmitParserExtension
LegacySubmitParserExtension creates validates and then makes the extension live.
list GET /v1beta/{parent}/logTypes
Lists all LogTypes.
runParser POST /v1beta/{logtype}:runParser
RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.

REST Resource: v1beta.projects.locations.instances.logTypes.logs

Methods
import POST /v1beta/{parent}/logs:import
Import log telemetry.

REST Resource: v1beta.projects.locations.instances.logTypes.parserExtensions

Methods
activate POST /v1beta/{name}:activate
ActivateParserExtension switches the customer to use requested parser extension, This will set the extension state to ACTIVE.
create POST /v1beta/{parent}/parserExtensions
Create a parser extension.
delete DELETE /v1beta/{name}
Delete a parser extension.
get GET /v1beta/{name}
Get a parser extension.
list GET /v1beta/{parent}/parserExtensions
List all parser extensions.

REST Resource: v1beta.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports

Methods
get GET /v1beta/{name}
Get a parser vaildation report.
list GET /v1beta/{parent}/extensionValidationReports
List all parser validation reports for a parser extension.

REST Resource: v1beta.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports.validationErrors

Methods
list GET /v1beta/{parent}/validationErrors
List validation errors of a parser extension validation report.

REST Resource: v1beta.projects.locations.instances.logTypes.parserExtensions.validationReports

Methods
get GET /v1beta/{name}
Get a validation report.

REST Resource: v1beta.projects.locations.instances.logTypes.parserExtensions.validationReports.parsingErrors

Methods
list GET /v1beta/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1beta.projects.locations.instances.logTypes.parsers

Methods
activate POST /v1beta/{name}:activate
ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.
activateReleaseCandidateParser POST /v1beta/{name}:activateReleaseCandidateParser
ActivateReleaseCandidateParser makes the release candidate parser live for that customer.
copy POST /v1beta/{name}:copy
CopyPrebuiltParser makes a copy of a prebuilt parser.
create POST /v1beta/{parent}/parsers
Create a parser.
deactivate POST /v1beta/{name}:deactivate
DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.
delete DELETE /v1beta/{name}
Delete a parser.
fetchParserCandidates GET /v1beta/{name}/parsers:fetchParserCandidates
FetchParserCandidates fetches the parser candidates for a given log type.
get GET /v1beta/{name}
Get a parser.
list GET /v1beta/{parent}/parsers
List all parsers.
patch PATCH /v1beta/{parser.name}
Update a parser.

REST Resource: v1beta.projects.locations.instances.logTypes.parsers.validationReports

Methods
get GET /v1beta/{name}
Get a validation report.

REST Resource: v1beta.projects.locations.instances.logTypes.parsers.validationReports.parsingErrors

Methods
list GET /v1beta/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1beta.projects.locations.instances.marketplaceIntegrations

Methods
fetchCommercialDiff GET /v1beta/{name}:fetchCommercialDiff
Retrieves the differences between the currently installed version of an integration and the commercial version available in the marketplace.
get GET /v1beta/{name}
Retrieves detailed metadata for a specific marketplace integration identified by its resource name.
install POST /v1beta/{parent}:install
Installs a specific version of a marketplace integration into a SecOps instance.
list GET /v1beta/{parent}/marketplaceIntegrations
Returns a paginated list of integrations available in the SecOps Marketplace.
uninstall POST /v1beta/{name}:uninstall
Uninstalls a previously installed marketplace integration, removing its components and configuration from the SecOps instance.

REST Resource: v1beta.projects.locations.instances.moduleSettings

Methods
get GET /v1beta/{name}
Gets a single ModuleSettings resource.
list GET /v1beta/{parent}/moduleSettings
Lists available ModuleSettings resources.
rebrandingSettings GET /v1beta/{parent}/moduleSettings:rebrandingSettings
Retrieves the branding and visual customization settings for the SecOps platform.

REST Resource: v1beta.projects.locations.instances.moduleSettings.properties

Methods
batchUpdate POST /v1beta/{parent}/properties:batchUpdate
Updates multiple properties within a single module.
get GET /v1beta/{name}
Gets a single ModuleSettingsProperty.
list GET /v1beta/{parent}/properties
Lists all properties of a given module setting.
patch PATCH /v1beta/{moduleSettingsProperty.name}
Updates a single property of a module setting.
testSettings POST /v1beta/{parent}/properties:testSettings
Tests the provided configuration properties.

REST Resource: v1beta.projects.locations.instances.nativeDashboards

Methods
addChart POST /v1beta/{name}:addChart
Add chart in a dashboard.
create POST /v1beta/{parent}/nativeDashboards
Create a dashboard.
delete DELETE /v1beta/{name}
Delete a dashboard.
duplicate POST /v1beta/{name}:duplicate
Duplicate a dashboard.
duplicateChart POST /v1beta/{name}:duplicateChart
Duplicate chart in a dashboard.
editChart POST /v1beta/{name}:editChart
Edit chart in a dashboard.
export POST /v1beta/{parent}/nativeDashboards:export
Exports the dashboards.
get GET /v1beta/{name}
Get a dashboard.
import POST /v1beta/{parent}/nativeDashboards:import
Imports the dashboards.
list GET /v1beta/{parent}/nativeDashboards
List all dashboards.
patch PATCH /v1beta/{nativeDashboard.name}
Update a dashboard.
removeChart POST /v1beta/{name}:removeChart
Remove chart from a dashboard.

REST Resource: v1beta.projects.locations.instances.ontologyRecords.visualFamilies

Methods
create POST /v1beta/{parent}/visualFamilies
Creates a new custom VisualFamily.
delete DELETE /v1beta/{name}
Deletes a specific custom VisualFamily.
export POST /v1beta/{parent}/visualFamilies:export
Exports selected visual families as a ZIP file.
get GET /v1beta/{name}
Gets a single VisualFamily by its resource name.
import POST /v1beta/{parent}/visualFamilies:import
Imports multiple visual families from a ZIP file.
list GET /v1beta/{parent}/visualFamilies
Lists all VisualFamily resources associated with a specific ontology record.
patch PATCH /v1beta/{visualFamily.name}
Updates an existing VisualFamily.

REST Resource: v1beta.projects.locations.instances.operations

Methods
cancel POST /v1beta/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1beta/{name}
Deletes a long-running operation.
get GET /v1beta/{name}
Gets the latest state of a long-running operation.
list GET /v1beta/{name}/operations
Lists operations that match the specified filter in the request.

REST Resource: v1beta.projects.locations.instances.propertySchemaDefinitions

Methods
create POST /v1beta/{parent}/propertySchemaDefinitions
Creates a new PropertySchemaDefinition.
delete DELETE /v1beta/{name}
Deletes a PropertySchemaDefinition.
get GET /v1beta/{name}
Gets a single PropertySchemaDefinition.
list GET /v1beta/{parent}/propertySchemaDefinitions
Lists PropertySchemaDefinitions.
patch PATCH /v1beta/{propertySchemaDefinition.name}
Updates an existing PropertySchemaDefinition.

REST Resource: v1beta.projects.locations.instances.referenceLists

Methods
create POST /v1beta/{parent}/referenceLists
Creates a new reference list.
get GET /v1beta/{name}
Gets a single reference list.
list GET /v1beta/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1beta/{referenceList.name}
Updates an existing reference list.

REST Resource: v1beta.projects.locations.instances.remoteAgents

Methods
connectorValidRemoteAgents GET /v1beta/{parent}/remoteAgents:connectorValidRemoteAgents
Lists all RemoteAgents that are valid and compatible with a specific connector.
create POST /v1beta/{parent}/remoteAgents
Creates a new RemoteAgent.
delete DELETE /v1beta/{name}
Deletes a RemoteAgent.
fetchEditableRemoteAgents GET /v1beta/{parent}/remoteAgents:fetchEditableRemoteAgents
Lists all RemoteAgents that the requesting user has permissions to edit.
fetchInstallationCommand GET /v1beta/{name}:fetchInstallationCommand
Retrieves the specific command string required to install a RemoteAgent.
fetchInstallerFile GET /v1beta/{name}:fetchInstallerFile
Retrieves a download link for the RemoteAgent's installer file.
fetchRedeployStatus GET /v1beta/{name}:fetchRedeployStatus
Returns the redeployment status for integrations on a RemoteAgent.
fetchRemoteAgentsCompatibleWithJobs GET /v1beta/{parent}/remoteAgents:fetchRemoteAgentsCompatibleWithJobs
Lists all RemoteAgents compatible with executing jobs for a specific integration.
fetchRemoteAgentsInformation POST /v1beta/{parent}/remoteAgents:fetchRemoteAgentsInformation
Retrieves detailed information for a list of RemoteAgents.
get GET /v1beta/{name}
Gets a single RemoteAgent.
list GET /v1beta/{parent}/remoteAgents
Lists RemoteAgents.
migrateConnectors POST /v1beta/{name}:migrateConnectors
Migrates legacy connectors on a RemoteAgent from remote to local scheduling.
patch PATCH /v1beta/{remoteAgent.name}
Updates an existing RemoteAgent.
redeployRemoteAgent POST /v1beta/{parent}/remoteAgents:redeployRemoteAgent
Redeploys configuration from one RemoteAgent to another.
sendRemoteAgentInstaller POST /v1beta/{name}:sendRemoteAgentInstaller
Sends the RemoteAgent installer via email.
upgradeRemoteAgent POST /v1beta/{name}:upgradeRemoteAgent
Upgrades a RemoteAgent to the latest available version.

REST Resource: v1beta.projects.locations.instances.requestTemplates

Methods
create POST /v1beta/{parent}/requestTemplates
Defines a new manual request form, specifying the input fields analysts must provide and how the data should be visually mapped in cases.
delete DELETE /v1beta/{name}
Permanently removes an obsolete manual request form from the system.
get GET /v1beta/{name}
Retrieves the definition of a manual request form, including its display fields, visual mapping, and associated environments.
list GET /v1beta/{parent}/requestTemplates
Lists all available manual request forms configured in the system.
patch PATCH /v1beta/{requestTemplate.name}
Modifies a manual request form's structure, such as adding or removing fields, or adjusting environment associations.

REST Resource: v1beta.projects.locations.instances.ruleExecutionErrors

Methods
list GET /v1beta/{parent}/ruleExecutionErrors
Lists rule execution errors.

REST Resource: v1beta.projects.locations.instances.rules

Methods
create POST /v1beta/{parent}/rules
Creates a new Rule.
delete DELETE /v1beta/{name}
Deletes a Rule.
get GET /v1beta/{name}
Gets a Rule.
getDeployment GET /v1beta/{name}
Gets a RuleDeployment.
list GET /v1beta/{parent}/rules
Lists Rules.
listRevisions GET /v1beta/{name}:listRevisions
Lists all revisions of the rule.
patch PATCH /v1beta/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1beta/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1beta.projects.locations.instances.rules.deployments

Methods
list GET /v1beta/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1beta.projects.locations.instances.rules.retrohunts

Methods
create POST /v1beta/{parent}/retrohunts
Create a Retrohunt.
get GET /v1beta/{name}
Get a Retrohunt.
list GET /v1beta/{parent}/retrohunts
List Retrohunts.

REST Resource: v1beta.projects.locations.instances.savedColumnSets

Methods
create POST /v1beta/{parent}/savedColumnSets
Endpoint for adding a new saved column set to the specified instance.
delete DELETE /v1beta/{name}
Endpoint for deleting a saved column set.
get GET /v1beta/{name}
Endpoint for getting a user's saved column set.
list GET /v1beta/{parent}/savedColumnSets
Endpoint for listing the saved column sets.
patch PATCH /v1beta/{savedColumnSet.name}
Endpoint for updating user data saved column set

REST Resource: v1beta.projects.locations.instances.slaDefinitions

Methods
create POST /v1beta/{parent}/slaDefinitions
Creates a new SlaDefinition.
delete DELETE /v1beta/{name}
Deletes a SlaDefinition.
export GET /v1beta/{parent}/slaDefinitions:export
Exports all SlaDefinitions to a CSV file.
get GET /v1beta/{name}
Gets a single SlaDefinition.
import POST /v1beta/{parent}/slaDefinitions:import
Imports SlaDefinitions from a CSV file.
list GET /v1beta/{parent}/slaDefinitions
Lists all SlaDefinitions.
patch PATCH /v1beta/{slaDefinition.name}
Updates an existing SlaDefinition.

REST Resource: v1beta.projects.locations.instances.soarDomains

Methods
create POST /v1beta/{parent}/soarDomains
Creates a new SoarDomain.
delete DELETE /v1beta/{name}
Deletes a SoarDomain.
export GET /v1beta/{parent}/soarDomains:export
Exports all SoarDomains to a CSV file.
get GET /v1beta/{name}
Gets a single SoarDomain.
import POST /v1beta/{parent}/soarDomains:import
Imports SoarDomains from a CSV file.
list GET /v1beta/{parent}/soarDomains
Lists SoarDomains.
patch PATCH /v1beta/{soarDomain.name}
Updates an existing SoarDomain.

REST Resource: v1beta.projects.locations.instances.soarNetworks

Methods
create POST /v1beta/{parent}/soarNetworks
Creates a new SoarNetwork.
delete DELETE /v1beta/{name}
Deletes a single SoarNetwork.
deleteAll DELETE /v1beta/{parent}/soarNetworks:all
Deletes all SoarNetworks within an instance.
export GET /v1beta/{parent}/soarNetworks:export
Exports all SoarNetworks to a CSV file.
get GET /v1beta/{name}
Gets a single SoarNetwork.
import POST /v1beta/{parent}/soarNetworks:import
Imports SoarNetworks from a CSV file.
list GET /v1beta/{parent}/soarNetworks
Lists SoarNetworks.
patch PATCH /v1beta/{soarNetwork.name}
Updates an existing SoarNetwork.

REST Resource: v1beta.projects.locations.instances.socRoles

Methods
create POST /v1beta/{parent}/socRoles
Creates a new SocRole.
delete DELETE /v1beta/{name}
Deletes a SocRole.
get GET /v1beta/{name}
Gets a single SocRole.
list GET /v1beta/{parent}/socRoles
Lists all available SocRoles.
patch PATCH /v1beta/{socRole.name}
Updates an existing SocRole.

REST Resource: v1beta.projects.locations.instances.systemNotifications

Methods
count GET /v1beta/{parent}/systemNotifications:count
Counts unread SystemNotifications.
get GET /v1beta/{name}
Gets a single SystemNotification.
list GET /v1beta/{parent}/systemNotifications
Lists SystemNotifications.
markAsRead POST /v1beta/{parent}/systemNotifications:markAsRead
Marks a list of SystemNotifications as read.

REST Resource: v1beta.projects.locations.instances.tasks

Methods
create POST /v1beta/{parent}/tasks
Creates a new Task.
delete DELETE /v1beta/{name}
Deletes a Task.
get GET /v1beta/{name}
Gets a single Task.
list GET /v1beta/{parent}/tasks
Lists Tasks.
patch PATCH /v1beta/{task.name}
Updates an existing Task.

REST Resource: v1beta.projects.locations.instances.threatCollections

Methods
fetchEntityMetadata GET /v1beta/{name}:fetchEntityMetadata
Gets a list of entity metadata for a threat collection.
fetchIocMatchMetadata GET /v1beta/{parent}/threatCollections:fetchIocMatchMetadata
Gets a batch (list) of ioc match metadata for a list of threat collections.
fetchRelated GET /v1beta/{parent}/threatCollections:fetchRelated
List related threat collections for a threat artifact.
get GET /v1beta/{name}
Gets a threat collection by resource name.
list GET /v1beta/{parent}/threatCollections
Lists threat collections, which contain reports and tracked threat campaigns from Google Threat Intelligence.

REST Resource: v1beta.projects.locations.instances.uniqueEntities

Methods
addNote POST /v1beta/{parent}/uniqueEntities:addNote
Adds a comment or note to a unique entity.
download GET /v1beta/{name}/uniqueEntities:generateReport
Generates and downloads a report for a unique entity.
fetchFull POST /v1beta/{parent}/uniqueEntities:fetchFull
Fetches comprehensive information for a unique entity.
get GET /v1beta/{name}
Gets a specific unique entity.
list GET /v1beta/{parent}/uniqueEntities
Lists unique entities within a specific instance.
patch PATCH /v1beta/{uniqueEntity.name}
Updates properties of a unique entity.

REST Resource: v1beta.projects.locations.instances.users.savedColumnSets

Methods
create POST /v1beta/{parent}/savedColumnSets
Endpoint for adding a new saved column set to the specified instance.
delete DELETE /v1beta/{name}
Endpoint for deleting a saved column set.
get GET /v1beta/{name}
Endpoint for getting a user's saved column set.
list GET /v1beta/{parent}/savedColumnSets
Endpoint for listing the saved column sets.
patch PATCH /v1beta/{savedColumnSet.name}
Endpoint for updating user data saved column set

REST Resource: v1beta.projects.locations.instances.users.searchQueries

Methods
create POST /v1beta/{parent}/searchQueries
Endpoint for adding a new entry to the specified collection of user data
delete DELETE /v1beta/{name}
Endpoint for deleting a user data saved query entry
get GET /v1beta/{name}
Endpoint for getting a user's Saved query entry
list GET /v1beta/{parent}/searchQueries
Endpoint for listing the user data saved queries owned by the specified user
patch PATCH /v1beta/{searchQuery.name}
Endpoint for updating user data saved query

REST Resource: v1beta.projects.locations.instances.views

Methods
fetchPredefined GET /v1beta/{parent}/views:fetchPredefined
Fetches predefined widgets provided by integrations.
get GET /v1beta/{name}
Gets a specific view.
list GET /v1beta/{parent}/views
Lists views within a specific instance.
saveOverviewTemplate POST /v1beta/{parent}/views:saveOverviewTemplate
Saves a new overview template.

REST Resource: v1beta.projects.locations.instances.watchlists

Methods
create POST /v1beta/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1beta/{name}
Deletes the watchlist for the given instance.
get GET /v1beta/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1beta/{parent}/watchlists
Lists all watchlists for the given instance.
patch PATCH /v1beta/{watchlist.name}
Updates the watchlist for the given instance.

REST Resource: v1beta.projects.locations.instances.webhooks

Methods
WebhookIngestion POST /v1beta/{name}:ingest
Ingests data through a configured webhook.
create POST /v1beta/{parent}/webhooks
Creates a new webhook configuration.
delete DELETE /v1beta/{name}
Deletes a webhook configuration.
exportLogs POST /v1beta/{name}:exportLogs
Exports the processing logs for a webhook.
get GET /v1beta/{name}
Gets a specific webhook configuration.
getLogs GET /v1beta/{name}:getLogs
Retrieves processing logs for a given webhook.
getStatistics GET /v1beta/{name}:getStatistics
Returns ingestion statistics for a specific webhook.
list GET /v1beta/{parent}/webhooks
Lists webhooks configured for a specific instance.
patch PATCH /v1beta/{webhook.name}
Updates an existing webhook configuration.
revokeUrl POST /v1beta/{name}:revokeUrl
Revokes the current URL for a specific webhook.

REST Resource: v1alpha.projects.locations.instances

Methods
batchValidateWatchlistEntities POST /v1alpha/{parent}:batchValidateWatchlistEntities
Validates a batch of entities that could be added into watchlist under an instance.
computeAllFindingsRefinementActivities POST /v1alpha/{instance}:computeAllFindingsRefinementActivities
Returns findings refinement activity for all findings refinements.
continuePocGraduation POST /v1alpha/{name}:continuePocGraduation
ContinuePocGraduation verifies and proceeds graduation.
countAllCuratedRuleSetDetections POST /v1alpha/{instance}:countAllCuratedRuleSetDetections
Count detections across all curated rule sets.
createFeedback POST /v1alpha/{instance}:createFeedback
RPC to submit user feedback on content generated by AI services.
delete DELETE /v1alpha/{name}
DeleteInstance deletes an Instance.
evaluateRuleCoverage POST /v1alpha/{instance}:evaluateRuleCoverage
Evaluates whether existing Managed Content rules provide coverage for the input udm.
extractSyslog POST /v1alpha/{instance}:extractSyslog
ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.
fetchFederationAccess GET /v1alpha/{name}:fetchFederationAccess
FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.
findEntity GET /v1alpha/{instance}:findEntity
Identifies the entity type and retrieves relevant data associated with a specified indicator.
findEntityAlerts GET /v1alpha/{instance}:findEntityAlerts
Get alerts for an entity.
findRelatedEntities GET /v1alpha/{instance}:findRelatedEntities
Finds all the entities associated with provided entity.
findUdmFieldValues GET /v1alpha/{instance}:findUdmFieldValues
Finds ingested UDM field values that match a query.
generateCollectionAgentAuth POST /v1alpha/{name}:generateCollectionAgentAuth
GenerateCollectionAgentAuth generates an auth json file for the collection agent.
generateRules POST /v1alpha/{instance}:generateRules
Generates a proposed rule given an input Threat Detection Opportunity (TDO).
generateSoarAuthJwt POST /v1alpha/{name}:generateSoarAuthJwt
GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar.
generateSoarChatMessage POST /v1alpha/{instance}:generateSoarChatMessage
Generates an AI-driven chat response based on a specific security intent.
generateSyntheticEvents POST /v1alpha/{instance}:generateSyntheticEvents
Generates synthetic events (both raw logs and UDM) for an input Threat Detection Opportunity (TDO).
generateThreatDetectionOpportunity POST /v1alpha/{instance}:generateThreatDetectionOpportunity
GenerateThreatDetectionOpportunity generates a Threat Detection Opportunity (TDO).
generateUdmKeyValueMappings POST /v1alpha/{instance}:generateUdmKeyValueMappings
GenerateUDMKeyValueMappings generates key value mapping of a raw log.
generateWorkspaceConnectionToken POST /v1alpha/{name}:generateWorkspaceConnectionToken
Generates a token that can be used to connect a workspace customer to a chronicle instance
get GET /v1alpha/{name}
Gets a Instance.
getAgentSettings GET /v1alpha/{name}
GetAgentSettings gets the agent settings for an instance.
getBigQueryExport GET /v1alpha/{name}
Get the BigQuery export configuration for a Chronicle instance.
getEnrichmentCombination GET /v1alpha/{name}
Get the EnrichmentCombination.
getManagedDomainSettings GET /v1alpha/{name}
Gets the ManagedDomainSettings singleton for a customer.
getMultitenantDirectory GET /v1alpha/{name}
Gets the super and subtenants and gets the current tenant name.
getRiskConfig GET /v1alpha/{name}
Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.
getThreatCollectionFilterSet GET /v1alpha/{name}
Get the set of threat collection filter options.
graduatePocInstance POST /v1alpha/{name}:graduatePocInstance
GraduatePocInstance graduates an instance.
legacyCaseFederationPlatforms GET /v1alpha/{parent}/legacyCaseFederationPlatforms
Lists all LegacyCaseFederationPlatforms configured in the primary instance.
legacySystemMetadata GET /v1alpha/{instance}/legacySystemMetadata
Returns essential system metadata for the requesting user.
listAllFindingsRefinementDeployments GET /v1alpha/{instance}:listAllFindingsRefinementDeployments
Lists all findings refinement deployments.
patch PATCH /v1alpha/{instance.name}
Updates an Instance.
queryProductSourceStats GET /v1alpha/{instance}:queryProductSourceStats
Gets available product sources along with their stats.
runThreatHunt POST /v1alpha/{parent}:runThreatHunt
Runs a Threat Hunt.
search POST /v1alpha/{parent}:search
Initiates a long-running search operation.
searchEntities GET /v1alpha/{instance}:searchEntities
Identifies the entity type and retrieves relevant data associated with a specified indicator.
searchRawLogs POST /v1alpha/{instance}:searchRawLogs
Api to get events, entities, or unparsed raw logs matching the given raw log query.
submitResponseFeedback POST /v1alpha/{instance}:submitResponseFeedback
Submits user feedback for a specific platform interaction or feature.
suggestSql GET /v1alpha/{instance}:suggestSql
SuggestSql suggests auto completion text for a GoogleSQL query.
summarizeEntitiesFromQuery GET /v1alpha/{instance}:summarizeEntitiesFromQuery
Parses the query and identifies the entities contained within the search query.
summarizeEntity GET /v1alpha/{instance}:summarizeEntity
Returns all entity data over specified time.
testFindingsRefinement POST /v1alpha/{instance}:testFindingsRefinement
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.
translateUdmQuery POST /v1alpha/{instance}:translateUdmQuery
Translate natural language to a UDM Search query.
translateYlRule POST /v1alpha/{instance}:translateYlRule
Translate natural language to a Yara-L rule.
udmSearch GET /v1alpha/{instance}:udmSearch
Performs a UDM search that returns matching events for the query.
undelete POST /v1alpha/{name}:undelete
UndeleteInstance undeletes a soft-deleted Instance.
updateAgentSettings PATCH /v1alpha/{agentSettings.name}
UpdateAgentSettings updates the agent settings for an instance.
updateBigQueryExport PATCH /v1alpha/{bigQueryExport.name}
Update the BigQuery export configuration for a Chronicle instance.
updateRiskConfig PATCH /v1alpha/{riskConfig.name}
Updates RiskConfig used for the computation of Entity Risk Score.
validateQuery GET /v1alpha/{instance}:validateQuery
Validates UDM search query by compiling the query.
verifyNonce POST /v1alpha/{name}:verifyNonce
Verifies the nonce used to graduate an instance.
verifyReferenceList POST /v1alpha/{instance}:verifyReferenceList
VerifyReferenceList validates list content and returns line errors, if any.
verifyRuleText POST /v1alpha/{instance}:verifyRuleText
Verifies the given rule text.

REST Resource: v1alpha.projects.locations.instances.alertGroupingRules

Methods
create POST /v1alpha/{parent}/alertGroupingRules
Creates a new alert grouping rule.
delete DELETE /v1alpha/{name}
Deletes an alert grouping rule.
get GET /v1alpha/{name}
Gets an alert grouping rule.
list GET /v1alpha/{parent}/alertGroupingRules
Lists alert grouping rules.
patch PATCH /v1alpha/{alertGroupingRule.name}
Updates an existing alert grouping rule.

REST Resource: v1alpha.projects.locations.instances.analytics

Methods
list GET /v1alpha/{parent}/analytics
Lists all supported analytics for APIs which can filter by analytic type, such as ListAnalyticValues.

REST Resource: v1alpha.projects.locations.instances.analytics.entities.analyticValues

Methods
list GET /v1alpha/{parent}/analyticValues
Lists analytic values.

REST Resource: v1alpha.projects.locations.instances.announcements

Methods
create POST /v1alpha/{parent}/announcements
Creates a new announcement.
delete DELETE /v1alpha/{name}
Deletes an announcement.
get GET /v1alpha/{name}
Gets a specific announcement.
list GET /v1alpha/{parent}/announcements
Lists announcements for a specific instance.
patch PATCH /v1alpha/{announcement.name}
Updates an existing announcement.

REST Resource: v1alpha.projects.locations.instances.bigQueryAccess

Methods
provide POST /v1alpha/{parent}/bigQueryAccess:provide
Provide BigQuery access for the given email.

REST Resource: v1alpha.projects.locations.instances.bigQueryExport

Methods
provision POST /v1alpha/{parent}/bigQueryExport:provision
Provision the BigQuery export for a Chronicle instance.

REST Resource: v1alpha.projects.locations.instances.calculatedFieldDefinitions

Methods
create POST /v1alpha/{parent}/calculatedFieldDefinitions
Create a CalculatedFieldDefinition.
delete DELETE /v1alpha/{name}
Delete a CalculatedFieldDefinition.
fetchAvailableTargetFields GET /v1alpha/{parent}/calculatedFieldDefinitions:fetchAvailableTargetFields
Searches for fields available to be used as a TargetFieldName for a new Calculated Field.
fetchDynamicOptions GET /v1alpha/{parent}/calculatedFieldDefinitions:fetchDynamicOptions
Get Dynamic Options for a target field based on Calculated Field definitions.
get GET /v1alpha/{name}
Get a CalculatedFieldDefinition.
list GET /v1alpha/{parent}/calculatedFieldDefinitions
List CalculatedFieldDefinitions.
patch PATCH /v1alpha/{calculatedFieldDefinition.name}
Update a CalculatedFieldDefinition.
validateDependency GET /v1alpha/{parent}/calculatedFieldDefinitions:validateDependency
Validate a potential dependency for a Calculated Field formula.

REST Resource: v1alpha.projects.locations.instances.caseCloseDefinitions

Methods
create POST /v1alpha/{parent}/caseCloseDefinitions
Creates a new CaseCloseDefinition.
delete DELETE /v1alpha/{name}
Deletes a CaseCloseDefinition.
get GET /v1alpha/{name}
Gets a single CaseCloseDefinition by its resource name.
list GET /v1alpha/{parent}/caseCloseDefinitions
Lists all CaseCloseDefinitions.
patch PATCH /v1alpha/{caseCloseDefinition.name}
Updates an existing CaseCloseDefinition.

REST Resource: v1alpha.projects.locations.instances.caseQueueFilters

Methods
create POST /v1alpha/{parent}/caseQueueFilters
Creates a new CaseQueueFilter.
delete DELETE /v1alpha/{name}
Deletes a CaseQueueFilter.
get GET /v1alpha/{name}
Gets a single CaseQueueFilter by its resource name.
getShareConfig GET /v1alpha/{name}
Gets the ShareConfig for a specific CaseQueueFilter.
list GET /v1alpha/{parent}/caseQueueFilters
Lists CaseQueueFilters available to the user.
patch PATCH /v1alpha/{caseQueueFilter.name}
Updates an existing CaseQueueFilter.
updateShareConfig PATCH /v1alpha/{shareConfig.name}
Updates the ShareConfig for a specific CaseQueueFilter.

REST Resource: v1alpha.projects.locations.instances.caseStageDefinitions

Methods
create POST /v1alpha/{parent}/caseStageDefinitions
Creates a new CaseStageDefinition.
delete DELETE /v1alpha/{name}
Deletes a CaseStageDefinition.
get GET /v1alpha/{name}
Gets a single CaseStageDefinition by its resource name.
list GET /v1alpha/{parent}/caseStageDefinitions
Lists all CaseStageDefinitions available in the instance.
patch PATCH /v1alpha/{caseStageDefinition.name}
Updates an existing CaseStageDefinition.

REST Resource: v1alpha.projects.locations.instances.caseTagDefinitions

Methods
create POST /v1alpha/{parent}/caseTagDefinitions
Creates a new CaseTagDefinition.
delete DELETE /v1alpha/{name}
Deletes a CaseTagDefinition.
get GET /v1alpha/{name}
Gets a single CaseTagDefinition by its resource name.
import POST /v1alpha/{parent}/caseTagDefinitions:import
Imports CaseTagDefinitions from a CSV file.
list GET /v1alpha/{parent}/caseTagDefinitions
Lists all CaseTagDefinitions available in the instance.
patch PATCH /v1alpha/{caseTagDefinition.name}
Updates an existing CaseTagDefinition.

REST Resource: v1alpha.projects.locations.instances.cases

Methods
addTag POST /v1alpha/{name}:addTag
Adds a tag to a Case.
countPriorities GET /v1alpha/{parent}/cases:countPriorities
Returns counts of cases aggregated by priority for a given set of filters.
createInsight POST /v1alpha/{name}:createInsight
Adds an insight to a Case.
executeBulkAddTag POST /v1alpha/{parent}/cases:executeBulkAddTag
Adds a tag to multiple cases in a single operation.
executeBulkAssign POST /v1alpha/{parent}/cases:executeBulkAssign
Assigns multiple cases to a specific analyst or SOC role in bulk.
executeBulkChangePriority POST /v1alpha/{parent}/cases:executeBulkChangePriority
Changes the priority level for multiple cases in bulk.
executeBulkChangeStage POST /v1alpha/{parent}/cases:executeBulkChangeStage
Updates the case stage for multiple cases in bulk.
executeBulkClose POST /v1alpha/{parent}/cases:executeBulkClose
Closes multiple cases in a single operation.
executeBulkReopen POST /v1alpha/{parent}/cases:executeBulkReopen
Reopens multiple previously closed cases in a single operation.
generateReport POST /v1alpha/{name}:generateReport
Generates a report for a Case in a specified format (e.g., PDF, HTML).
get GET /v1alpha/{name}
Gets a single Case by its resource name.
getCaseOverviewData GET /v1alpha/{name}:caseOverviewData
Retrieves the case view metadaata.
getOrCreateCaseSummary POST /v1alpha/{name}:getOrCreateCaseSummary
Gets or initiates the creation of an AI-driven summary for a case.
list GET /v1alpha/{parent}/cases
Lists Cases in an instance.
merge POST /v1alpha/{parent}/cases:merge
Merges one or more cases into a single destination case.
patch PATCH /v1alpha/{case.name}
Updates an existing Case.
pauseSla POST /v1alpha/{name}:pauseSla
Pauses the Service Level Agreement (SLA) timer for a specific Case.
removeTag POST /v1alpha/{name}:removeTag
Removes a tag from a Case.
resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
Resolves updated data for a specific case overview widget.
resumeSla POST /v1alpha/{name}:resumeSla
Resumes a previously paused SLA timer for a Case.

REST Resource: v1alpha.projects.locations.instances.cases.alerts.customFieldValues

Methods
batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
Performs a bulk update of multiple custom field values in a single operation.
get GET /v1alpha/{name}
Gets a single custom field value by its resource name.
list GET /v1alpha/{parent}/customFieldValues
Lists all custom field values for a specific case or alert.
patch PATCH /v1alpha/{customFieldValue.name}
Updates (or creates if not present) the value of a custom field.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts

Methods
addTag POST /v1alpha/{name}:addTag
Add a case alert tag.
createRecommendationLongRunning POST /v1alpha/{parent}:createRecommendationLongRunning
Initiates an asynchronous request to generate a new AI recommendation for an alert.
fetchRecommendation GET /v1alpha/{parent}/caseAlerts:fetchRecommendation
Fetches a previously generated AI-driven recommendation for an alert.
get GET /v1alpha/{name}
Gets a single CaseAlert.
getAlertOverviewData GET /v1alpha/{name}:alertOverviewData
Retrieves a view of widgets for a specific alert.
list GET /v1alpha/{parent}/caseAlerts
Lists CaseAlerts within a specific Case.
listAlertViews GET /v1alpha/{name}:listAlertViews
Lists the different UI views available for presenting an alert's data.
move POST /v1alpha/{name}:move
Moves a CaseAlert to a different Case.
patch PATCH /v1alpha/{caseAlert.name}
Updates an existing CaseAlert.
pauseSla POST /v1alpha/{name}:pauseSla
Pauses the SLA timer for a CaseAlert.
removeTag POST /v1alpha/{name}:removeTag
Remove a case alert tag.
resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
Resolves the data for a specific alert overview widget.
resumeSla POST /v1alpha/{name}:resumeSla
Resumes a previously paused SLA timer for a CaseAlert.
setSla POST /v1alpha/{name}:setSla
Sets the Service Level Agreement (SLA) for a specific CaseAlert.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.connectorEvents

Methods
get GET /v1alpha/{name}
Get a ConnectorEvent.
getFormatted GET /v1alpha/{parent}/connectorEvents:formatted
Get a formatted ConnectorEvents for a given case/alert.
list GET /v1alpha/{parent}/connectorEvents
List page of ConnectorEvents.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1alpha/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1alpha/{name}
Deletes a specific context property.
get GET /v1alpha/{name}
Gets a single context property by its resource name.
list GET /v1alpha/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1alpha/{contextProperty.name}
Updates an existing context property.

REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.involvedEntities

Methods
addProperty POST /v1alpha/{name}:addProperty
Adds a new custom property to an InvolvedEntity.
create POST /v1alpha/{parent}/involvedEntities
Manually adds a new InvolvedEntity to a case and alert.
fetchCards GET /v1alpha/{parent}/involvedEntities:fetchCards
Returns metadate of each involved entity in a specific alert, including their connectivity and high-level status.
get GET /v1alpha/{name}
Gets a single InvolvedEntity by its resource name.
list GET /v1alpha/{parent}/involvedEntities
Lists all InvolvedEntities associated with a specific case and alert.
patch PATCH /v1alpha/{involvedEntity.name}
Updates an existing InvolvedEntity.
updateProperty POST /v1alpha/{name}:updateProperty
Updates the value of an existing custom property on an InvolvedEntity.

REST Resource: v1alpha.projects.locations.instances.cases.caseComments

Methods
create POST /v1alpha/{parent}/caseComments
Creates a new CaseComment.
delete DELETE /v1alpha/{name}
Performs a soft delete of a CaseComment.
get GET /v1alpha/{name}
Gets a single CaseComment by its resource name.
list GET /v1alpha/{parent}/caseComments
Lists CaseComments associated with a specific Case.
patch PATCH /v1alpha/{caseComment.name}
Updates an existing CaseComment.

REST Resource: v1alpha.projects.locations.instances.cases.caseEvidenceDatas

Methods
get GET /v1alpha/{name}
Gets a case evidence data for a given case.
list GET /v1alpha/{parent}/caseEvidenceDatas
Lists the case evidence data for a given case.

REST Resource: v1alpha.projects.locations.instances.cases.caseWallRecords

Methods
favorite PATCH /v1alpha/{favoriteRequest.name}:favorite
Sets or unsets (toggles) the favorite status of a wall record.
fetchActivitiesCount GET /v1alpha/{parent}/caseWallRecords:fetchActivitiesCount
Returns the count of case activities, optionally filtered by type.
get GET /v1alpha/{name}
Gets a single CaseWallRecord by its resource name.
list GET /v1alpha/{parent}/caseWallRecords
Lists CaseWallRecords for a specific Case.

REST Resource: v1alpha.projects.locations.instances.cases.chatMessages

Methods
create POST /v1alpha/{parent}/chatMessages
Creates a new ChatMessage in a Case.
get GET /v1alpha/{name}
Gets a single ChatMessage by its resource name.
list GET /v1alpha/{parent}/chatMessages
Lists ChatMessages for a specific Case.
pinMessage POST /v1alpha/{name}:pinMessage
Pins a specific ChatMessage to the Case wall.
unpinMessage POST /v1alpha/{name}:unpinMessage
Unpins a pinned ChatMessage from the Case wall.
unreadMessagesCount GET /v1alpha/{parent}/chatMessages:unreadMessagesCount
Returns the number of ChatMessages in the Case chat that the current user has not yet read.
upload POST /v1alpha/{parent}/chatMessages:createWithAttachment
POST /upload/v1alpha/{parent}/chatMessages:createWithAttachment
Creates a ChatMessage in a Case and uploads a ChatMessageAttachment.

REST Resource: v1alpha.projects.locations.instances.cases.chatMessages.attachments

Methods
download GET /v1alpha/{name}:download
Downloads the raw content of a ChatMessageAttachment.

REST Resource: v1alpha.projects.locations.instances.cases.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1alpha/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1alpha/{name}
Deletes a specific context property.
get GET /v1alpha/{name}
Gets a single context property by its resource name.
list GET /v1alpha/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1alpha/{contextProperty.name}
Updates an existing context property.

REST Resource: v1alpha.projects.locations.instances.cases.customFieldValues

Methods
batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
Performs a bulk update of multiple custom field values in a single operation.
get GET /v1alpha/{name}
Gets a single custom field value by its resource name.
list GET /v1alpha/{parent}/customFieldValues
Lists all custom field values for a specific case or alert.
patch PATCH /v1alpha/{customFieldValue.name}
Updates (or creates if not present) the value of a custom field.

REST Resource: v1alpha.projects.locations.instances.contentHub.contentPacks

Methods
add POST /v1alpha/{parent}/contentPacks:add
Creates a new custom ContentPack.
alignPlaybooks POST /v1alpha/{name}:alignPlaybooks
Aligns playbooks in a content pack with configured integration instances.
delete DELETE /v1alpha/{name}
Deletes a specific ContentPack.
deployConnectorInstances POST /v1alpha/{name}:deployConnectorInstances
Deploys connector instances from a content pack.
deployPlaybooks POST /v1alpha/{name}:deployPlaybooks
Deploys playbooks contained within a content pack.
deployTestCases POST /v1alpha/{name}:deployTestCases
Deploys test cases from a content pack into the SecOps instance.
download GET /v1alpha/{name}:exportPack
Exports a content pack as a ZIP file.
get GET /v1alpha/{name}
Gets a single ContentPack by its resource name.
installIntegration POST /v1alpha/{name}:installIntegration
Installs a specific integration from a content pack.
list GET /v1alpha/{parent}/contentPacks
Lists ContentPacks available in the Content Hub.
markAsDeployed POST /v1alpha/{name}:markAsDeployed
Marks a content pack as fully deployed.
upload POST /v1alpha/{parent}/contentPacks:importPack
POST /upload/v1alpha/{parent}/contentPacks:importPack
Imports a content pack from a ZIP file (up to 500MB).

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentNativeDashboards

Methods
get GET /v1alpha/{name}
Get a native dashboard featured content.
install POST /v1alpha/{name}:install
Install a native dashboard featured content.
list GET /v1alpha/{parent}/featuredContentNativeDashboards
List all native dashboards featured content.

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentPlaybooks

Methods
fetchFacets GET /v1alpha/{parent}/featuredContentPlaybooks:fetchFacets
Fetches available facets for filtering FeaturedContentPlaybooks.
get GET /v1alpha/{name}
Gets a single FeaturedContentPlaybook.
install POST /v1alpha/{name}:install
Installs a FeaturedContentPlaybook into the SecOps instance.
list GET /v1alpha/{parent}/featuredContentPlaybooks
Lists all available FeaturedContentPlaybooks.

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentRules

Methods
list GET /v1alpha/{parent}/featuredContentRules
Lists FeaturedContentRules

REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentSearchQueries

Methods
get GET /v1alpha/{name}
Get a search featured content.
installFeaturedContentSearchQuery POST /v1alpha/{name}
Install a search featured content.
list GET /v1alpha/{parent}/featuredContentSearchQueries
List all searches featured content.

REST Resource: v1alpha.projects.locations.instances.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1alpha/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1alpha/{name}
Deletes a specific context property.
get GET /v1alpha/{name}
Gets a single context property by its resource name.
list GET /v1alpha/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1alpha/{contextProperty.name}
Updates an existing context property.

REST Resource: v1alpha.projects.locations.instances.coverageDetails

Methods
get GET /v1alpha/{name}
Get coverage details for a threat collection and rule combination.
list GET /v1alpha/{parent}/coverageDetails
List coverage details for threat collection and rule combinations.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories

Methods
get GET /v1alpha/{name}
Gets a CuratedRuleSetCategory.
list GET /v1alpha/{parent}/curatedRuleSetCategories
Lists CuratedRuleSetCategories.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets

Methods
countCuratedRuleSetDetections POST /v1alpha/{name}:countCuratedRuleSetDetections
Counts the detections generated by a CuratedRuleSet.
get GET /v1alpha/{name}
Gets a CuratedRuleSet.
list GET /v1alpha/{parent}/curatedRuleSets
Lists CuratedRuleSets.

REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets.curatedRuleSetDeployments

Methods
batchUpdate POST /v1alpha/{parent}/curatedRuleSetDeployments:batchUpdate
Update multiple deployments of curated rule sets.
get GET /v1alpha/{name}
Get a deployment of a curated rule set.
list GET /v1alpha/{parent}/curatedRuleSetDeployments
Lists deployments for a curated rule set.
patch PATCH /v1alpha/{curatedRuleSetDeployment.name}
Update a deployment of a curated rule set.

REST Resource: v1alpha.projects.locations.instances.curatedRules

Methods
get GET /v1alpha/{name}
Gets a CuratedRule.
list GET /v1alpha/{parent}/curatedRules
Lists CuratedRules.

REST Resource: v1alpha.projects.locations.instances.customFields

Methods
create POST /v1alpha/{parent}/customFields
Creates a new CustomField.
delete DELETE /v1alpha/{name}
Deletes a specific CustomField.
get GET /v1alpha/{name}
Gets a single CustomField by its resource name.
list GET /v1alpha/{parent}/customFields
Lists configured CustomFields.
patch PATCH /v1alpha/{customField.name}
Updates an existing CustomField.

REST Resource: v1alpha.projects.locations.instances.customLists

Methods
batchDelete POST /v1alpha/{parent}/customLists:batchDelete
Deletes multiple custom list entries in a single operation.
create POST /v1alpha/{parent}/customLists
Creates a new custom list entry.
delete DELETE /v1alpha/{name}
Deletes a specific custom list entry.
export POST /v1alpha/{parent}/customLists:export
Exports selected custom lists as a CSV file.
get GET /v1alpha/{name}
Gets a single custom list entry by its resource name.
import POST /v1alpha/{parent}/customLists:import
Imports multiple custom list entries from a CSV file.
list GET /v1alpha/{parent}/customLists
Lists all custom list entries in the instance.
patch PATCH /v1alpha/{customList.name}
Updates an existing custom list entry.

REST Resource: v1alpha.projects.locations.instances.dashboardCharts

Methods
batchGet GET /v1alpha/{parent}/dashboardCharts:batchGet
Get dashboard charts in batches.
get GET /v1alpha/{name}
Get a dashboard chart.

REST Resource: v1alpha.projects.locations.instances.dashboardQueries

Methods
execute POST /v1alpha/{parent}/dashboardQueries:execute
Execute a query and return the data.
get GET /v1alpha/{name}
Get a dashboard query.

REST Resource: v1alpha.projects.locations.instances.dashboardScheduledReports

Methods
create POST /v1alpha/{parent}/dashboardScheduledReports
Create a Dashboard Scheduled Report.
delete DELETE /v1alpha/{name}
Delete a Dashboard Scheduled Report.
duplicate POST /v1alpha/{name}:duplicate
Duplicate a scheduled report.
fetchHistory GET /v1alpha/{name}:fetchHistory
Retrieves details of past report runs for a specific scheduled report from the last year, including run count, status, and other success/failure information.
get GET /v1alpha/{name}
Get a Dashboard Scheduled Report.
list GET /v1alpha/{parent}/dashboardScheduledReports
List Dashboard Scheduled Reports.
patch PATCH /v1alpha/{dashboardScheduledReport.name}
Update a Dashboard Scheduled Report.
trigger POST /v1alpha/{name}:trigger
Sends the given report immediately.

REST Resource: v1alpha.projects.locations.instances.dashboards

Methods
copy POST /v1alpha/{name}:copy
Copy a dashboard of one type to a dashbooard of another type.
create POST /v1alpha/{parent}/dashboards
Create a dashboard.
delete DELETE /v1alpha/{name}
Delete a dashboard.
get GET /v1alpha/{name}
Get a dashboard.
list GET /v1alpha/{parent}/dashboards
List all dashboards.

REST Resource: v1alpha.projects.locations.instances.dataAccessLabels

Methods
create POST /v1alpha/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1alpha/{name}
Deletes a data access label.
get GET /v1alpha/{name}
Gets a data access label.
list GET /v1alpha/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1alpha/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1alpha.projects.locations.instances.dataAccessScopes

Methods
create POST /v1alpha/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1alpha/{name}
Deletes a data access scope.
get GET /v1alpha/{name}
Retrieves an existing data access scope.
list GET /v1alpha/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1alpha/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1alpha.projects.locations.instances.dataExports

Methods
cancel POST /v1alpha/{name}:cancel
Cancels a DataExport.
create POST /v1alpha/{parent}/dataExports
Creates a new DataExport.
fetchServiceAccountForDataExport GET /v1alpha/{parent}/dataExports:fetchServiceAccountForDataExport
Fetches the service account for Data Export for a chronicle instance.
fetchavailablelogtypes POST /v1alpha/{parent}/dataExports:fetchavailablelogtypes
Fetches available log types for export.
get GET /v1alpha/{name}
Gets a DataExport.
list GET /v1alpha/{parent}/dataExports
Lists Data Export requests.
patch PATCH /v1alpha/{dataExport.name}
Updates a Data Export request.

REST Resource: v1alpha.projects.locations.instances.dataTableOperationErrors

Methods
get GET /v1alpha/{name}
Get the error for a data table operation.

REST Resource: v1alpha.projects.locations.instances.dataTables

Methods
create POST /v1alpha/{parent}/dataTables
Create a new data table.
delete DELETE /v1alpha/{name}
Delete data table.
get GET /v1alpha/{name}
Get data table info.
list GET /v1alpha/{parent}/dataTables
List data tables.
patch PATCH /v1alpha/{dataTable.name}
Update data table.
upload POST /v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
POST /upload/v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
Create data table from a bulk file.

REST Resource: v1alpha.projects.locations.instances.dataTables.dataTableRows

Methods
bulkCreate POST /v1alpha/{parent}/dataTableRows:bulkCreate
Create data table rows in bulk.
bulkCreateAsync POST /v1alpha/{parent}/dataTableRows:bulkCreateAsync
Create data table rows in bulk asynchronously.
bulkDelete POST /v1alpha/{parent}/dataTableRows:bulkDelete
Delete data table rows in bulk.
bulkDeleteAsync POST /v1alpha/{parent}/dataTableRows:bulkDeleteAsync
Delete data table rows in bulk asynchronously.
bulkGet POST /v1alpha/{parent}/dataTableRows:bulkGet
Get data table rows in bulk.
bulkReplace POST /v1alpha/{parent}/dataTableRows:bulkReplace
Replace all existing data table rows with new data table rows.
bulkReplaceAsync POST /v1alpha/{parent}/dataTableRows:bulkReplaceAsync
Replace all existing data table rows with new data table rows asynchronously.
bulkUpdate POST /v1alpha/{parent}/dataTableRows:bulkUpdate
Update data table rows in bulk.
bulkUpdateAsync POST /v1alpha/{parent}/dataTableRows:bulkUpdateAsync
Update data table rows in bulk asynchronously.
create POST /v1alpha/{parent}/dataTableRows
Create a new data table row.
delete DELETE /v1alpha/{name}
Delete data table row.
get GET /v1alpha/{name}
Get data table row
list GET /v1alpha/{parent}/dataTableRows
List data table rows.
patch PATCH /v1alpha/{dataTableRow.name}
Update data table row
upload POST /v1alpha/{parent}/dataTableRows:bulkAppendAsync
POST /upload/v1alpha/{parent}/dataTableRows:bulkAppendAsync
Append data table rows in bulk from a file asynchronously.

REST Resource: v1alpha.projects.locations.instances.dataTaps

Methods
create POST /v1alpha/{parent}/dataTaps
Creates a DataTap.
delete DELETE /v1alpha/{name}
Deletes a DataTap.
get GET /v1alpha/{name}
Gets a DataTap.
list GET /v1alpha/{parent}/dataTaps
Lists DataTaps.
patch PATCH /v1alpha/{dataTap.name}
Updates a DataTap.

REST Resource: v1alpha.projects.locations.instances.dynamicParameters

Methods
create POST /v1alpha/{parent}/dynamicParameters
Creates a new DynamicParameter.
delete DELETE /v1alpha/{name}
Deletes a DynamicParameter.
export POST /v1alpha/{parent}/dynamicParameters:export
Exports all DynamicParameters defined in the instance to a CSV file.
get GET /v1alpha/{name}
Gets a single DynamicParameter by its resource name.
import POST /v1alpha/{parent}/dynamicParameters:import
Imports DynamicParameters from a CSV file.
list GET /v1alpha/{parent}/dynamicParameters
Lists all DynamicParameters defined in the instance.
patch PATCH /v1alpha/{dynamicParameter.name}
Updates an existing DynamicParameter.

REST Resource: v1alpha.projects.locations.instances.emailTemplates

Methods
batchDelete POST /v1alpha/{parent}/emailTemplates:batchDelete
Deletes multiple email templates in a single operation.
create POST /v1alpha/{parent}/emailTemplates
Creates a new EmailTemplate.
delete DELETE /v1alpha/{name}
Deletes a specific EmailTemplate.
export POST /v1alpha/{parent}/emailTemplates:export
Exports selected email templates as a CSV file.
get GET /v1alpha/{name}
Gets a single EmailTemplate by its resource name.
import POST /v1alpha/{parent}/emailTemplates:import
Imports multiple email templates from a CSV file.
list GET /v1alpha/{parent}/emailTemplates
Lists all EmailTemplates available in the instance.
patch PATCH /v1alpha/{emailTemplate.name}
Updates an existing EmailTemplate.

REST Resource: v1alpha.projects.locations.instances.enrichmentAgent

Methods
executeActions POST /v1alpha/{parent}/enrichmentAgent:executeActions
Executes a list of manual actions on a given SIEM alert.
fetchActions GET /v1alpha/{parent}/enrichmentAgent:fetchActions
List all actions that can be executed on a given SIEM alert.
fetchAlertData GET /v1alpha/{parent}/enrichmentAgent:fetchAlertData
Retrieves data for a specific SIEM alert for a context for the enrichment agent.

REST Resource: v1alpha.projects.locations.instances.enrichmentControls

Methods
create POST /v1alpha/{parent}/enrichmentControls
Create an EnrichmentControl resource.
delete DELETE /v1alpha/{name}
Delete an EnrichmentControl.
disable POST /v1alpha/{name}:disable
Disable an EnrichmentControl.
get GET /v1alpha/{name}
Get an EnrichmentControl.
list GET /v1alpha/{parent}/enrichmentControls
List all EnrichmentControls.

REST Resource: v1alpha.projects.locations.instances.entities

Methods
get GET /v1alpha/{name}
Gets an entity by name.
import POST /v1alpha/{parent}/entities:import
ImportEntities import the entities.
modifyEntityRiskScore POST /v1alpha/{name}:modifyEntityRiskScore
Modify base entity risk score for an entity.
queryEntityRiskScoreModifications GET /v1alpha/{name}:queryEntityRiskScoreModifications
Query modifications to base entity risk score for an entity.

REST Resource: v1alpha.projects.locations.instances.entitiesBlocklists

Methods
create POST /v1alpha/{parent}/entitiesBlocklists
Creates a new EntitiesBlocklist.
delete DELETE /v1alpha/{name}
Deletes an EntitiesBlocklist.
get GET /v1alpha/{name}
Gets a single EntitiesBlocklist.
list GET /v1alpha/{parent}/entitiesBlocklists
Lists EntitiesBlocklists.
patch PATCH /v1alpha/{entitiesBlocklist.name}
Updates an existing EntitiesBlocklist.

REST Resource: v1alpha.projects.locations.instances.entityRiskScores

Methods
query GET /v1alpha/{instance}/entityRiskScores:query
Queries the instance for EntityRiskScores.

REST Resource: v1alpha.projects.locations.instances.environmentGroups

Methods
create POST /v1alpha/{parent}/environmentGroups
Creates a new EnvironmentGroup.
delete DELETE /v1alpha/{name}
Deletes a specific EnvironmentGroup.
get GET /v1alpha/{name}
Gets a single EnvironmentGroup by its name.
list GET /v1alpha/{parent}/environmentGroups
Lists all EnvironmentGroups available in the instance.
patch PATCH /v1alpha/{environmentGroup.name}
Updates an existing EnvironmentGroup.

REST Resource: v1alpha.projects.locations.instances.environments

Methods
create POST /v1alpha/{parent}/environments
Creates a new Environment.
delete DELETE /v1alpha/{name}
Deletes a specific Environment.
get GET /v1alpha/{name}
Gets a single Environment by its resource name.
list GET /v1alpha/{parent}/environments
Lists all Environments available in the instance.
patch PATCH /v1alpha/{environment.name}
Updates an existing Environment.
resetWeights POST /v1alpha/{name}/environments:resetWeights
Resets the resource distribution weights for all environments.

REST Resource: v1alpha.projects.locations.instances.errorNotificationConfigs

Methods
create POST /v1alpha/{parent}/errorNotificationConfigs
Creates a new error notification config for the customer
delete DELETE /v1alpha/{name}
Deletes an error notification config.
get GET /v1alpha/{name}
Gets a single error notification config.
list GET /v1alpha/{parent}/errorNotificationConfigs
Lists error notification configurations for the customer.
patch PATCH /v1alpha/{errorNotificationConfig.name}
Updates an error notification config.

REST Resource: v1alpha.projects.locations.instances.events

Methods
batchGet GET /v1alpha/{parent}/events:batchGet
Gets a batch (list) of events given a list of names and a parent.
fetchEnrichedEvent GET /v1alpha/{name}:fetchEnrichedEvent
Gets the enriched event for a given event id.
get GET /v1alpha/{name}
Gets an event given a name.
import POST /v1alpha/{parent}/events:import
ImportEvents import the events.

REST Resource: v1alpha.projects.locations.instances.federationGroups

Methods
create POST /v1alpha/{parent}/federationGroups
CreateFederationGroup method creates a new Federation group.
delete DELETE /v1alpha/{name}
DeleteFederationGroup method deletes a Federation group.
get GET /v1alpha/{name}
GetFederationGroup method gets a Federation group.
list GET /v1alpha/{parent}/federationGroups
ListFederationGroups method lists all Federation groups.
patch PATCH /v1alpha/{federationGroup.name}
UpdateFederationGroup method updates a Federation group.

REST Resource: v1alpha.projects.locations.instances.feedPacks

Methods
get GET /v1alpha/{name}
Gets a feed pack.
list GET /v1alpha/{parent}/feedPacks
Lists Packs for which feeds can be configured.

REST Resource: v1alpha.projects.locations.instances.feedServiceAccounts

Methods
fetchServiceAccountForCustomer GET /v1alpha/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas

Methods
list GET /v1alpha/{parent}/feedSourceTypeSchemas
List all FeedSourceTypeSchemas.

REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

Methods
list GET /v1alpha/{parent}/logTypeSchemas
List all LogTypeSchemas compatible with a given FeedSourceType.

REST Resource: v1alpha.projects.locations.instances.feeds

Methods
create POST /v1alpha/{parent}/feeds
Creates a feed.
delete DELETE /v1alpha/{name}
Deletes a feed.
disable POST /v1alpha/{name}:disable
Disable feed for ingestion.
enable POST /v1alpha/{name}:enable
Enable feed for ingestion.
generateSecret POST /v1alpha/{name}:generateSecret
Generates a new secret for https push feeds which do not support jwt tokens.
get GET /v1alpha/{name}
Gets a feed.
importPushLogs POST /v1alpha/{parent}:importPushLogs
Import logs coming from https push feeds.
list GET /v1alpha/{parent}/feeds
Lists all feeds for the customer.
patch PATCH /v1alpha/{feed.name}
Updates the full feed.
scheduleTransfer POST /v1alpha/{name}:scheduleTransfer
Schedules a feed transfer for the feed.

REST Resource: v1alpha.projects.locations.instances.findingsGraph

Methods
exploreNode GET /v1alpha/{name}:exploreNode
Explores a node to find related nodes if it is an IndividualNode or retrieve the individual nodes within the group if it is a GroupNode and return a graph composed by the nodes and their edges over a time range.
initializeGraph GET /v1alpha/{name}:initializeGraph
Initialize a graph from a resource such as a detection or an entity.

REST Resource: v1alpha.projects.locations.instances.findingsRefinements

Methods
computeFindingsRefinementActivity POST /v1alpha/{name}:computeFindingsRefinementActivity
Returns findings refinement activity for a specific findings refinement.
create POST /v1alpha/{parent}/findingsRefinements
Creates a new findings refinement.
get GET /v1alpha/{name}
Gets a single findings refinement.
getDeployment GET /v1alpha/{name}
Gets a findings refinement deployment.
list GET /v1alpha/{parent}/findingsRefinements
Lists a collection of findings refinements.
patch PATCH /v1alpha/{findingsRefinement.name}
Updates a findings refinement.
updateDeployment PATCH /v1alpha/{findingsRefinementDeployment.name}
Updates a findings refinement deployment.

REST Resource: v1alpha.projects.locations.instances.formDynamicParameters

Methods
get GET /v1alpha/{name}
Gets a single FormDynamicParameter by its resource name.
list GET /v1alpha/{parent}/formDynamicParameters
Lists all FormDynamicParameters defined in the instance.
saveForm POST /v1alpha/{parent}/formDynamicParameters:saveForm
Saves the complete set of dynamic parameters for a specific form type.

REST Resource: v1alpha.projects.locations.instances.forwarders

Methods
create POST /v1alpha/{parent}/forwarders
Create a forwarder.
delete DELETE /v1alpha/{name}
Delete a forwarder by forwarder ID.
generateForwarderFiles GET /v1alpha/{name}:generateForwarderFiles
Generates a forwarder's configuration files.
get GET /v1alpha/{name}
Get a forwarder by forwarder ID.
importStatsEvents POST /v1alpha/{name}:importStatsEvents
ImportStatsEvents imports stats events from a forwarder.
list GET /v1alpha/{parent}/forwarders
List all forwarders for the instance.
patch PATCH /v1alpha/{forwarder.name}
Update a forwarder.

REST Resource: v1alpha.projects.locations.instances.forwarders.collectors

Methods
create POST /v1alpha/{parent}/collectors
Create a collector.
delete DELETE /v1alpha/{name}
Delete a collector by collector ID.
get GET /v1alpha/{name}
Get a collector by collector ID.
list GET /v1alpha/{parent}/collectors
List all collectors for the forwarder.
patch PATCH /v1alpha/{collector.name}
Update a collector.

REST Resource: v1alpha.projects.locations.instances.ingestionLogLabels

Methods
list GET /v1alpha/{parent}/ingestionLogLabels
Returns the ingestion log labels for the customer.

REST Resource: v1alpha.projects.locations.instances.ingestionLogNamespaces

Methods
list GET /v1alpha/{parent}/ingestionLogNamespaces
Lists ingestion log namespaces for the customer.

REST Resource: v1alpha.projects.locations.instances.integrations

Methods
create POST /v1alpha/{parent}/integrations
Creates a new custom SOAR Integration.
delete DELETE /v1alpha/{name}
Deletes a specific custom Integration.
download GET /v1alpha/{name}:export
Exports the entire integration package as a ZIP file.
downloadDependency POST /v1alpha/{name}:downloadDependency
Initiates the download of a Python dependency (e.g., a library from PyPI) for a custom integration.
exportIntegrationItems GET /v1alpha/{name}:exportItems
Exports specific items from an integration into a ZIP folder.
fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
Identifies all system items (e.g., connector instances, job instances, playbooks) that would be affected by a change to or deletion of this integration.
fetchAgentIntegrations GET /v1alpha/{parent}:fetchAgentIntegrations
Returns the set of integrations currently installed and configured on a specific agent.
fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
Returns the difference between the current integration and its matching commercial version in the Marketplace.
fetchDependencies GET /v1alpha/{name}:fetchDependencies
Returns the complete list of Python dependencies currently associated with a custom integration.
fetchRestrictedAgents GET /v1alpha/{name}:fetchRestrictedAgents
Identifies remote agents that would be restricted from running an updated version of the integration, typically due to environment incompatibilities like unsupported Python versions.
get GET /v1alpha/{name}
Gets a single Integration by its resource name.
getFetchProductionDiff GET /v1alpha/{name}:fetchProductionDiff
Returns the difference between the staging integration and its matching production version.
getFetchStagingDiff GET /v1alpha/{name}:fetchStagingDiff
Returns the difference between the production integration and its corresponding staging version.
import POST /v1alpha/{parent}/integrations:import
POST /upload/v1alpha/{parent}/integrations:import
Imports a complete integration package from a ZIP file (up to 500MB).
importIntegrationDependency POST /v1alpha/{name}:uploadDependency
POST /upload/v1alpha/{name}:uploadDependency
Uploads a raw dependency file (e.g., a wheel file or binary) to an existing custom integration.
importIntegrationItems POST /v1alpha/{name}:importItems
POST /upload/v1alpha/{name}:importItems
Imports individual integration items (actions, jobs, connectors, etc.) from a ZIP file into an existing custom integration.
list GET /v1alpha/{parent}/integrations
Lists all Integrations installed in the instance.
patch PATCH /v1alpha/{integration.name}
Updates an existing Integration's metadata.
pushToProduction POST /v1alpha/{name}:pushToProduction
Transitions an integration from staging to production mode.
pushToStaging POST /v1alpha/{name}:pushToStaging
Transitions an integration from production back to staging mode.
updateCustomIntegration POST /v1alpha/{updateCustomIntegrationPayload.integration.name}:updateCustomIntegration
Updates a custom integration definition, including its parameters and dependencies.
upload POST /v1alpha/{parent}/integrations:extractIntegrationDetails
POST /upload/v1alpha/{parent}/integrations:extractIntegrationDetails
Parses an integration ZIP file and returns its constituent items and metadata without importing it.

REST Resource: v1alpha.projects.locations.instances.integrations.actions

Methods
create POST /v1alpha/{parent}/actions
Creates a new custom IntegrationAction within an integration.
delete DELETE /v1alpha/{name}
Deletes a specific custom IntegrationAction.
executeTest POST /v1alpha/{parent}/actions:executeTest
Executes a test run of an action's script.
fetchActionsByEnvironment GET /v1alpha/{parent}/actions:fetchActionsByEnvironment
Lists actions that are executable within specified environments.
fetchTemplate GET /v1alpha/{parent}/actions:fetchTemplate
Retrieves a default Python script template for a new integration action.
get GET /v1alpha/{name}
Gets a single IntegrationAction.
list GET /v1alpha/{parent}/actions
Lists all IntegrationActions for a specific integration.
patch PATCH /v1alpha/{integrationAction.name}
Updates an existing IntegrationAction.

REST Resource: v1alpha.projects.locations.instances.integrations.actions.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new saved revision (snapshot) of the current action definition.
delete DELETE /v1alpha/{name}
Deletes a specific action revision.
list GET /v1alpha/{parent}/revisions
Lists all revisions for a specific action.
rollback POST /v1alpha/{name}:rollback
Reverts the current action definition to a previously saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors

Methods
create POST /v1alpha/{parent}/connectors
Creates a new custom IntegrationConnector.
delete DELETE /v1alpha/{name}
Deletes a specific custom IntegrationConnector.
executeTest POST /v1alpha/{parent}/connectors:executeTest
Executes a test run of a connector's Python script.
fetchTemplate GET /v1alpha/{parent}/connectors:fetchTemplate
Returns a default Python script template for an integration connector.
get GET /v1alpha/{name}
Gets a single IntegrationConnector by its resource name.
list GET /v1alpha/{parent}/connectors
Lists all IntegrationConnectors defined for a specific integration.
patch PATCH /v1alpha/{integrationConnector.name}
Updates an existing custom IntegrationConnector.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances

Methods
create POST /v1alpha/{parent}/connectorInstances
Creates a new ConnectorInstance based on a connector definition.
delete DELETE /v1alpha/{name}
Deletes a ConnectorInstance.
fetchLatestDefinition GET /v1alpha/{parent}:fetchLatestDefinition
Refreshes a connector instance with the latest definition from the integration.
get GET /v1alpha/{name}
Gets a single ConnectorInstance by its resource name.
list GET /v1alpha/{parent}/connectorInstances
Lists ConnectorInstances for a specific connector definition.
patch PATCH /v1alpha/{connectorInstance.name}
Updates an existing ConnectorInstance.
runOnDemand POST /v1alpha/{name}:runOnDemand
Triggers an immediate, single execution of the connector.
setLogsCollection POST /v1alpha/{name}:setLogsCollection
Enables or disables debug log collection for a connector instance.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances.logs

Methods
get GET /v1alpha/{name}
Gets a single ConnectorInstanceLog.
list GET /v1alpha/{parent}/logs
Lists all ConnectorInstanceLogs for a given ConnectorInstance.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1alpha/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1alpha/{name}
Deletes a specific context property.
get GET /v1alpha/{name}
Gets a single context property by its resource name.
list GET /v1alpha/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1alpha/{contextProperty.name}
Updates an existing context property.

REST Resource: v1alpha.projects.locations.instances.integrations.connectors.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new snapshot (revision) of the current connector definition.
delete DELETE /v1alpha/{name}
Deletes a specific connector revision.
list GET /v1alpha/{parent}/revisions
Lists all saved revisions of a specific connector.
rollback POST /v1alpha/{name}:rollback
Restores the connector definition to the state captured in a specific revision.

REST Resource: v1alpha.projects.locations.instances.integrations.integrationInstances

Methods
create POST /v1alpha/{parent}/integrationInstances
Creates a new IntegrationInstance.
delete DELETE /v1alpha/{name}
Deletes a specific IntegrationInstance.
executeTest POST /v1alpha/{name}:executeTest
Executes a connectivity test ("ping") for a specific integration instance.
fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
Lists all playbooks that depend on a specific integration instance.
fetchDefaultInstance GET /v1alpha/{parent}/integrationInstances:fetchDefaultInstance
Returns the system default configuration for a specific integration.
get GET /v1alpha/{name}
Gets a single IntegrationInstance by its resource name.
list GET /v1alpha/{parent}/integrationInstances
Lists all IntegrationInstances for a specific integration.
patch PATCH /v1alpha/{integrationInstance.name}
Updates an existing IntegrationInstance.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs

Methods
create POST /v1alpha/{parent}/jobs
Creates a new custom IntegrationJob.
delete DELETE /v1alpha/{name}
Deletes a specific custom IntegrationJob.
executeTest POST /v1alpha/{parent}/jobs:executeTest
Executes a test run of a `IntegrationJob's Python script.
fetchTemplate GET /v1alpha/{parent}/jobs:fetchTemplate
Returns a default Python script template for an IntegrationJob.
get GET /v1alpha/{name}
Gets a single IntegrationJob by its resource name.
list GET /v1alpha/{parent}/jobs
Lists all IntegrationJobs defined for a specific integration.
patch PATCH /v1alpha/{integrationJob.name}
Updates an existing custom IntegrationJob.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.contextProperties

Methods
clearAll POST /v1alpha/{parent}/contextProperties:clearAll
Deletes all context properties associated with a specific parent context.
create POST /v1alpha/{parent}/contextProperties
Creates a new context property.
delete DELETE /v1alpha/{name}
Deletes a specific context property.
get GET /v1alpha/{name}
Gets a single context property by its resource name.
list GET /v1alpha/{parent}/contextProperties
Lists all context properties for a specific parent entity.
patch PATCH /v1alpha/{contextProperty.name}
Updates an existing context property.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances

Methods
create POST /v1alpha/{parent}/jobInstances
Creates a new IntegrationJobInstance from a job definition.
delete DELETE /v1alpha/{name}
Deletes a specific IntegrationJobInstance.
get GET /v1alpha/{name}
Gets a single IntegrationJobInstance by its resource name.
list GET /v1alpha/{parent}/jobInstances
Lists all IntegrationJobInstances for a specific job definition.
patch PATCH /v1alpha/{integrationJobInstance.name}
Updates an existing IntegrationJobInstance.
runOnDemand POST /v1alpha/{name}:runOnDemand
Executes a scheduled background job immediately and only once, bypassing the normal schedule.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances.logs

Methods
get GET /v1alpha/{name}
Gets a single JobInstanceLog entry by its resource name.
list GET /v1alpha/{parent}/logs
Lists all execution logs associated with a specific job instance.

REST Resource: v1alpha.projects.locations.instances.integrations.jobs.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new saved revision (snapshot) of the current job definition.
delete DELETE /v1alpha/{name}
Deletes a specific job revision.
list GET /v1alpha/{parent}/revisions
Lists all historical revisions for a specific background job.
rollback POST /v1alpha/{name}:rollback
Reverts the current background security job definition to a previously saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.logicalOperators

Methods
create POST /v1alpha/{parent}/logicalOperators
Creates a new custom IntegrationLogicalOperator.
delete DELETE /v1alpha/{name}
Deletes a specific custom IntegrationLogicalOperator.
executeTest POST /v1alpha/{parent}/logicalOperators:executeTest
Executes a test run of a logical operator’s evaluation script.
fetchTemplate GET /v1alpha/{parent}/logicalOperators:fetchTemplate
Returns a default Python script template for a logical operator.
get GET /v1alpha/{name}
Gets a single IntegrationLogicalOperator by its resource name.
list GET /v1alpha/{parent}/logicalOperators
Lists all IntegrationLogicalOperators defined for a specific integration.
patch PATCH /v1alpha/{logicalOperator.name}
Updates an existing custom IntegrationLogicalOperator.

REST Resource: v1alpha.projects.locations.instances.integrations.logicalOperators.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new revision of a custom logical operator.
delete DELETE /v1alpha/{name}
Deletes a specific logical operator revision.
list GET /v1alpha/{parent}/revisions
Lists all saved revisions for a specific logical operator.
rollback POST /v1alpha/{name}:rollback
Rolls back a custom logical operator to a previously saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.managers

Methods
create POST /v1alpha/{parent}/managers
Creates a new custom IntegrationManager.
delete DELETE /v1alpha/{name}
Deletes a specific custom IntegrationManager.
fetchTemplate GET /v1alpha/{parent}/managers:fetchTemplate
Returns a default recommended Python script template for an integration manager.
get GET /v1alpha/{name}
Gets a single IntegrationManager by its resource name.
list GET /v1alpha/{parent}/managers
Lists all IntegrationManagers defined for a specific integration.
patch PATCH /v1alpha/{integrationManager.name}
Updates an existing custom IntegrationManager.

REST Resource: v1alpha.projects.locations.instances.integrations.managers.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new saved revision (snapshot) of the current manager.
delete DELETE /v1alpha/{name}
Deletes a specific manager revision.
get GET /v1alpha/{name}
Gets a single IntegrationManagerRevision by its resource name.
list GET /v1alpha/{parent}/revisions
Lists all revisions for a specific manager.
rollback POST /v1alpha/{name}:rollback
Reverts the current manager definition to a previously saved revision.

REST Resource: v1alpha.projects.locations.instances.integrations.transformers

Methods
create POST /v1alpha/{parent}/transformers
Creates a new TransformerDefinition within an integration.
delete DELETE /v1alpha/{name}
Deletes a custom TransformerDefinition.
executeTest POST /v1alpha/{integration}/transformers:executeTest
Executes a test run of a transformer's Python script.
fetchTemplate GET /v1alpha/{integration}/transformers:fetchTemplate
Retrieves a default Python script template for a new transformer.
get GET /v1alpha/{name}
Gets a single TransformerDefinition.
list GET /v1alpha/{parent}/transformers
Lists all TransformerDefinitions for a specific integration.
patch PATCH /v1alpha/{transformerDefinition.name}
Updates an existing TransformerDefinition.

REST Resource: v1alpha.projects.locations.instances.integrations.transformers.revisions

Methods
create POST /v1alpha/{parent}/revisions
Creates a new revision of a custom transformer.
delete DELETE /v1alpha/{name}
Deletes a specific transformer revision.
list GET /v1alpha/{parent}/revisions
Lists all saved revisions for a specific Transformer.
rollback POST /v1alpha/{name}:rollback
Rolls back a custom transformer to a previously saved revision.

REST Resource: v1alpha.projects.locations.instances.investigations

Methods
fetchAssociated GET /v1alpha/{parent}/investigations:fetchAssociated
FetchAssociatedInvestigations is used to fetch all the associated resources for each of the given alerts/cases.
get GET /v1alpha/{name}
GetInvestigation is used to retrieve an investigation.
list GET /v1alpha/{parent}/investigations
ListInvestigations is used to retrieve existing investigations for a given instance.
trigger POST /v1alpha/{parent}/investigations:trigger
Custom method to manually trigger an investigation for a given alert.

REST Resource: v1alpha.projects.locations.instances.investigations.investigationComments

Methods
create POST /v1alpha/{parent}/investigationComments
CreateInvestigationComment is used to create an investigation comment.
delete DELETE /v1alpha/{name}
DeleteInvestigationComment is used to delete an investigation comment.
get GET /v1alpha/{name}
Retrieves a specific investigation comment.
list GET /v1alpha/{parent}/investigationComments
ListInvestigationComments is used to retrieve existing investigation comments for a given investigation.
patch PATCH /v1alpha/{investigationComment.name}
UpdateInvestigationComment is used to update an investigation comment.

REST Resource: v1alpha.projects.locations.instances.investigations.investigationSteps

Methods
get GET /v1alpha/{name}
GetInvestigationStep is used to retrieve an investigation step.
list GET /v1alpha/{parent}/investigationSteps
ListInvestigationSteps is used to retrieve existing investigation steps for a given investigation.

REST Resource: v1alpha.projects.locations.instances.iocAssociations

Methods
batchGet GET /v1alpha/{parent}/iocAssociations:batchGet
Gets a batch (list) of IocAssociations given a list of names and a parent.
fetchRelated GET /v1alpha/{parent}/iocAssociations:fetchRelated
List related Associations (Threat Actors or Malware Families) for a given threat resource.
get GET /v1alpha/{name}
Get an Ioc Association by resource name.

REST Resource: v1alpha.projects.locations.instances.iocs

Methods
batchGet GET /v1alpha/{parent}/iocs:batchGet
Gets a batch (list) of iocs given a list of names and a parent.
fetchRelated GET /v1alpha/{parent}/iocs:fetchRelated
List related IOCs for a given threat resource.
find POST /v1alpha/{parent}/iocs:find
Gets a list of Iocs given a list of parameters that uniquely identify them.
findFirstAndLastSeen GET /v1alpha/{name}:findFirstAndLastSeen
FindFirstAndLastSeen for an Ioc.
get GET /v1alpha/{name}
Get an Ioc.
getIocState GET /v1alpha/{name}
Gets the status of an ioc
searchCuratedDetectionsForIoc GET /v1alpha/{name}:searchCuratedDetectionsForIoc
Search curated detections for an Ioc.
updateIocState PATCH /v1alpha/{iocState.name}
Update an Ioc state.

REST Resource: v1alpha.projects.locations.instances.labsExperiments

Methods
execute POST /v1alpha/{parent}:execute
Initiates the asynchronous execution of a LabsExperiment.
fetchAgentSession GET /v1alpha/{name}:fetchAgentSession
Gets the session details for an AI agent during a LabsExperiment execution.
get GET /v1alpha/{name}
Gets a single LabsExperiment by its resource name.
list GET /v1alpha/{parent}/labsExperiments
Lists all available LabsExperiments.
patch PATCH /v1alpha/{labsExperiment.name}
Updates an existing LabsExperiment.
sendAgentMessage POST /v1alpha/{name}:sendAgentMessage
Sends an interactive message to an AI agent during a LabsExperiment execution.

REST Resource: v1alpha.projects.locations.instances.labsExperiments.executions

Methods
get GET /v1alpha/{name}
Gets a single LabsExperimentExecution by its resource name.
list GET /v1alpha/{parent}/executions
Lists all executions (interactions) for a specific LabsExperiment.
patch PATCH /v1alpha/{labsExperimentExecution.name}
Updates an existing LabsExperimentExecution.

REST Resource: v1alpha.projects.locations.instances.legacy

Methods
legacyBatchGetCases GET /v1alpha/{instance}/legacy:legacyBatchGetCases
Fetches multiple cases by name in a single request.
legacyBatchGetCollections GET /v1alpha/{instance}/legacy:legacyBatchGetCollections
RPC for getting a batch of collections based on their Collection Ids.
legacyCreateOrUpdateCase POST /v1alpha/{instance}/legacy:legacyCreateOrUpdateCase
Creates a new case or updates an existing one using a legacy data format.
legacyCreateSoarAlert POST /v1alpha/{instance}/legacy:legacyCreateSoarAlert
RPC for creating a SOAR alert.
legacyFetchAlertsView GET /v1alpha/{instance}/legacy:legacyFetchAlertsView
Legacy streaming endpoint for getting alerts (and in some cases, non-alerting detections) along with aggregated fields that match the query.
legacyFetchUdmSearchCsv POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchCsv
Legacy endpoint for fetching csv rows for matching UDM search.
legacyFetchUdmSearchView POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchView
Legacy endpoint for fetching events, filters, and histograms matching UDM search.
legacyFindAssetEvents GET /v1alpha/{instance}/legacy:legacyFindAssetEvents
Legacy endpoint for getting events for an asset indicator.
legacyFindRawLogs GET /v1alpha/{instance}/legacy:legacyFindRawLogs
Legacy endpoint for getting events for a raw log search query.
legacyFindUdmEvents GET /v1alpha/{instance}/legacy:legacyFindUdmEvents
Legacy endpoint for finding UDM/entity events using tokens or ids.
legacyGetAlert GET /v1alpha/{instance}/legacy:legacyGetAlert
RPC for fetching an alert based on its Alert Id.
legacyGetCuratedRulesTrends GET /v1alpha/{instance}/legacy:legacyGetCuratedRulesTrends
Legacy RPC for listing detection counts and last detection timestamp for a list of Curated Rule ids.
legacyGetDetection GET /v1alpha/{instance}/legacy:legacyGetDetection
Legacy endpoint for fetching a Detection.
legacyGetEventForDetection GET /v1alpha/{instance}/legacy:legacyGetEventForDetection
Legacy endpoint for getting event for curated detection.
legacyGetRuleCounts GET /v1alpha/{instance}/legacy:legacyGetRuleCounts
RPC to get rule counts.
legacyGetRulesTrends GET /v1alpha/{instance}/legacy:legacyGetRulesTrends
Legacy RPC for listing detection counts and last detection timestamp for a list of user-defined rule ids.
legacyRunTestRule POST /v1alpha/{instance}/legacy:legacyRunTestRule
Legacy RPC to test a rule and stream back the responses.
legacySearchArtifactEvents GET /v1alpha/{instance}/legacy:legacySearchArtifactEvents
Legacy endpoint for getting events for a given artifact.
legacySearchArtifactIoCDetails GET /v1alpha/{instance}/legacy:legacySearchArtifactIoCDetails
Rpc to search for IoC details for a particular artifact.
legacySearchAssetEvents GET /v1alpha/{instance}/legacy:legacySearchAssetEvents
Legacy endpoint for getting events for a given asset.
legacySearchCuratedDetections GET /v1alpha/{instance}/legacy:legacySearchCuratedDetections
Legacy endpoint for searcing detections for a Curated Rule.
legacySearchCustomerStats POST /v1alpha/{instance}/legacy:legacySearchCustomerStats
LegacySearchCustomerStats gets data collection stats about a customer, e.g., the first time data was seen from a customer, the last time, etc.
legacySearchDetections GET /v1alpha/{instance}/legacy:legacySearchDetections
Legacy endpoint for searching detections for a rule version.
legacySearchDomainsRecentlyRegistered GET /v1alpha/{instance}/legacy:legacySearchDomainsRecentlyRegistered
Given a list of domain names and a time, returns only the domains that were recently registered relative to that time.
legacySearchDomainsTimingStats GET /v1alpha/{instance}/legacy:legacySearchDomainsTimingStats
Given a list of domain names, returns time-related statistics for those domains (ex: the first seen in the enterprise time).
legacySearchEnterpriseWideAlerts GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideAlerts
RPC for getting all alerts in a time range in legacy page site.
legacySearchEnterpriseWideIoCs GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideIoCs
RPC for listing IoC matches against ingested events.
legacySearchFindings GET /v1alpha/{instance}/legacy:legacySearchFindings
Legacy endpoint for listing Findings.
legacySearchIngestionStats POST /v1alpha/{instance}/legacy:legacySearchIngestionStats
LegacySearchIngestionStats gets data ingestion stats about a given customer, e.g.
legacySearchIoCInsights GET /v1alpha/{instance}/legacy:legacySearchIoCInsights
Rpc to list IoC insights on given artifacts.
legacySearchRawLogs GET /v1alpha/{instance}/legacy:legacySearchRawLogs
Legacy endpoint for getting events for a raw log search.
legacySearchRawLogsV2 GET /v1alpha/{name}/legacy:legacySearchRawLogsV2
Searches for raw logs within a specified Google SecOps instance.
legacySearchRuleDetectionCountBuckets GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets
Legacy endpoint for listing detection count buckets for a Rules Engine rule.
legacySearchRuleDetectionEvents GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionEvents
Legacy RPC for listing events associated with a particular Detection generated by a Rules Engine rule.
legacySearchRuleResults GET /v1alpha/{instance}/legacy:legacySearchRuleResults
Legacy endpoint for listing aggregated results for a Rules Engine rule.
legacySearchRulesAlerts GET /v1alpha/{instance}/legacy:legacySearchRulesAlerts
RPC to get the list of Rules Engine generated alerts for a customer.
legacySearchUserEvents GET /v1alpha/{instance}/legacy:legacySearchUserEvents
Legacy endpoint for getting events for a given user.
legacyStreamDetectionAlerts POST /v1alpha/{instance}/legacy:legacyStreamDetectionAlerts
Legacy StreamDetectionAlerts continuously streams new detection alerts as they are discovered.
legacyTestRuleStreaming POST /v1alpha/{instance}/legacy:legacyTestRuleStreaming
LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
legacyUpdateAlert POST /v1alpha/{instance}/legacy:legacyUpdateAlert
Legacy endpoint for updating an alert.

REST Resource: v1alpha.projects.locations.instances.legacyAdvancedReports

Methods
download GET /v1alpha/{name}/legacyAdvancedReports:legacyReportExport
Exports an Advanced Report definition.
legacyCopyLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyCopyLookerReport
Creates a copy of an existing Looker Advanced Report.
legacyCreateLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyCreateLookerReport
Creates a new Looker Advanced Report.
legacyGetAdvancedReportProvider GET /v1alpha/{instance}/legacyAdvancedReports:legacyGetAdvancedReportProvider
Returns information about the current advanced reporting provider (e.g., Looker).
legacyGetLookerReportDetails POST /v1alpha/{instance}/legacyAdvancedReports:legacyGetLookerReportDetails
Returns the complete details, including the embed URL, for a specific Looker report.
legacyGetLookerReports GET /v1alpha/{instance}/legacyAdvancedReports:legacyGetLookerReports
Returns a list of all Looker Advanced Reports available to the current user.
legacyRefreshLookerReports GET /v1alpha/{instance}/legacyAdvancedReports:legacyRefreshLookerReports
Refreshes the list and status of available Looker Advanced Reports by synchronizing with the reporting backend.
legacyReport DELETE /v1alpha/{instance}/legacyAdvancedReports:legacyReport
Deletes a specific Advanced Report.
legacyReportImport POST /v1alpha/{instance}/legacyAdvancedReports:legacyReportImport
Imports a report definition into the advanced reporting system.
legacyShareLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyShareLookerReport
Updates the sharing permissions for a specific Looker Advanced Report.

REST Resource: v1alpha.projects.locations.instances.legacyCaseFederationPlatforms

Methods
create POST /v1alpha/{parent}/legacyCaseFederationPlatforms
Registers a new remote SecOps instance as a federation platform.
legacyDeleteCaseFederationPlatform DELETE /v1alpha/{name}
Deletes a specific LegacyCaseFederationPlatform.
legacyGetCaseFederationPlatform GET /v1alpha/{name}
Gets a single LegacyCaseFederationPlatform by its resource name.

REST Resource: v1alpha.projects.locations.instances.legacyCases

Methods
addEvidence POST /v1alpha/{name}/legacyCases:addEvidence
Adds evidence, such as a file attachment, to a specific case.
createCase POST /v1alpha/{name}/legacyCases:createCase
Ingests a package of cases into the system's data processing engine.
createManualCase POST /v1alpha/{name}/legacyCases:createManualCase
Creates a case manually that appears in the case queue alongside automatically ingested alerts.
createSimulatedCustomCase POST /v1alpha/{name}/legacyCases:createSimulatedCustomCase
Creates a custom simulated case based on specified alert and event fields.
deleteUseCase POST /v1alpha/{name}/legacyCases:deleteUseCase
Deletes a specific custom case simulation.
executeManualAction POST /v1alpha/{name}/legacyCases:executeManualAction
Executes a single action on specific entities scopes on selected alerts within a case.
exportCustomCase GET /v1alpha/{name}/legacyCases:exportCustomCase
Exports a custom simulated case configuration as a JSON package.
generateCollaboratorRequest POST /v1alpha/{name}/legacyCases:generateCollaboratorRequest
Generates a request for collaboration as a new case.
generateUseCases POST /v1alpha/{name}/legacyCases:generateUseCases
Triggers the generation of one or more simulated cases based on predefined templates or custom definitions.
getActionResultById GET /v1alpha/{name}/legacyCases:getActionResultById
Retrieves the details and results of a previously executed action.
getCustomCaseDetails POST /v1alpha/{name}/legacyCases:getCustomCaseDetails
Retrieves the detailed configuration of a custom simulated case.
getCustomCases GET /v1alpha/{name}/legacyCases:getCustomCases
Lists the names of all custom simulated cases defined in the environment.
importCustomCase POST /v1alpha/{name}/legacyCases:importCustomCase
Imports a custom simulated case from a JSON package.
injectSampleData POST /v1alpha/{name}/legacyCases:injectSampleData
Ingests sample alerts from connector testing into the system as test cases.
investigatorExtendCaseGraph POST /v1alpha/{name}/legacyCases:investigatorExtendCaseGraph
Extends the investigator graph for a case with additional nodes and relations.
isCustomCaseExists GET /v1alpha/{name}/legacyCases:isCustomCaseExists
Checks if a custom simulated case with a specific alert name already exists.
simulateAlert POST /v1alpha/{name}/legacyCases:simulateAlert
Simulates a specific alert within a case, optionally replacing fields or performing grouping.

REST Resource: v1alpha.projects.locations.instances.legacyConfiguration

Methods
legacyGetMaximumAlertsGroupingConfiguration GET /v1alpha/{instance}/legacyConfiguration:legacyGetMaximumAlertsGroupingConfiguration
Returns the system-wide maximum number of alerts that can be grouped into a single case.

REST Resource: v1alpha.projects.locations.instances.legacyFederatedCases

Methods
legacyBatchPatchFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyBatchPatchFederatedCases
Updates or inserts multiple cases from a secondary instance into the primary platform's federated store.
legacyFetchCasesToSync GET /v1alpha/{parent}/legacyFederatedCases:legacyFetchCasesToSync
Returns a batch of cases from a secondary instance that need to be synchronized into the primary platform's federated store.
legacyGetFederatedCase GET /v1alpha/{name}
Gets a single federated case by its resource name.
legacyListFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyListFederatedCases
Lists all cases available in the federated store across all synchronized platforms.

REST Resource: v1alpha.projects.locations.instances.legacyPlaybooks

Methods
LegacyPlaybookApplyApprovalLink POST /v1alpha/{instance}/legacyPlaybooks:legacyApplyApprovalLink
Processes an analyst's decision from a manual approval link.
download GET /v1alpha/{instance}/legacyPlaybooks:legacyExportDefinitions
Exports one or more playbook definitions as a ZIP file.
exportWorkflowWithBlocksByIdentifier POST /v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
POST /upload/v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
Imports multiple playbook definitions from a ZIP file into the current instance.
legacyActionWidgetTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyActionWidgetTemplate
Returns the action widget template for a given action identifier.
legacyAddOrUpdatePlaybookCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyAddOrUpdatePlaybookCategory
Adds a new playbook category or updates the metadata of an existing one.
legacyAiGenerate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerate
Generates a new playbook definition using Gemini AI based on a natural language user prompt.
legacyAiGenerateByAlert POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerateByAlert
Generates a tailored playbook definition designed to respond to a specific security alert.
legacyAiUpdate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiUpdate
Refines an existing playbook definition using Gemini AI based on a natural language prompt.
legacyAttachNestedWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachNestedWorkflowToCase
Manually triggers a specific playbook block (nested workflow) for a given alert.
legacyAttachWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachWorkflowToCase
Manually initiates a specific playbook for a given alert.
legacyCheckWorkflowNameInDifferentEnvironments POST /v1alpha/{instance}/legacyPlaybooks:legacyCheckWorkflowNameInDifferentEnvironments
Checks if the specified playbook name is already in use within any environment.
legacyCloneWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyCloneWorkflow
Creates an exact copy of a playbook definition.
legacyCreateFeedback POST /v1alpha/{instance}/legacyPlaybooks:legacyCreateFeedback
Records user feedback (e.g., ratings and comments) for an AI-generated playbook.
legacyDeleteWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflow
Permanently removes a single playbook definition.
legacyDeleteWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflows
Deletes multiple playbook definitions in a single operation.
legacyDuplicateNestedWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateNestedWorkflows
Creates duplicates of multiple blocks in a single operation.
legacyDuplicateWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflow
Creates a duplicate of a playbook definition.
legacyDuplicateWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflows
Creates duplicates of multiple playbook definitions in a single operation.
legacyExecuteManualStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteManualStep
Executes a manual task within a playbook instance.
legacyExecuteStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteStep
Executes a single, specific step from a playbook definition.
legacyFetchActionResultsForSimulation POST /v1alpha/{instance}/legacyPlaybooks:legacyFetchActionResultsForSimulation
Returns the detailed outputs from a playbook simulation run.
legacyGetActionResultsOfWFId GET /v1alpha/{instance}/legacyPlaybooks:legacyGetActionResultsOfWFId
Returns the execution outputs and status for all steps within a specific playbook instance.
legacyGetAiGenerationStatusByAlert POST /v1alpha/{instance}/legacyPlaybooks:legacyGetAiGenerationStatusByAlert
Retrieves the status of a playbook generation process initiated for a security alert.
legacyGetCaseEntities GET /v1alpha/{instance}/legacyPlaybooks:legacyGetCaseEntities
Returns all security entities (e.g., hosts, users, files) associated with a specific case.
legacyGetContextGroupByKey GET /v1alpha/{instance}/legacyPlaybooks:legacyGetContextGroupByKey
Returns the context group associated with a specific key.
legacyGetDebugStepCaseData POST /v1alpha/{instance}/legacyPlaybooks:legacyGetDebugStepCaseData
Returns the simulated case data context for a specific playbook step.
legacyGetEnabledWFCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFCards
Returns a list of all playbooks that are currently enabled and ready for execution.
legacyGetEnabledWFNames GET /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFNames
Returns the display names of all playbooks that are currently enabled in the instance.
legacyGetHtmlViewPresets GET /v1alpha/{instance}/legacyPlaybooks:legacyGetHtmlViewPresets
Returns the list of predefined HTML view presets.
legacyGetNestedPlaybookParams GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybookParams
Returns the input parameter definitions for a specified modular playbook block.
legacyGetNestedPlaybooksAsSteps GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksAsSteps
Returns all blocks available for use as nested steps in a playbook.
legacyGetNestedPlaybooksByEnvironmentsAsSteps POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksByEnvironmentsAsSteps
Returns all blocks available for use as nested steps in a playbook filtered by environments.
legacyGetNestedWorkflowDefaultInputs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedWorkflowDefaultInputs
Returns the most recently used or default input values for a specified playbook block.
legacyGetOverviewTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplate
Returns a specific overview template by its identifier.
legacyGetOverviewTemplates POST /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplates
Returns the set of overview templates associated with specific playbooks.
legacyGetPendingStep POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStep
Returns a specific pending playbook step by its associated alert identifier.
legacyGetPendingStepsCountForUser GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsCountForUser
Returns the total number of pending playbook steps pending to the assigned user.
legacyGetPendingStepsUserRelated GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsUserRelated
Returns all pending playbook steps (e.g., manual approvals or user inputs) that are assigned to or relevant for the assigned user.
legacyGetPlaybookSimulationEnrichment POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookSimulationEnrichment
Returns the enrichment data results from a playbook simulation.
legacyGetPlaybookStatsMap POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookStatsMap
Returns operational metrics for playbooks, including execution counts and performance distributions.
legacyGetPlaybooksUsingBlocks POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybooksUsingBlocks
Identifies and returns all playbooks that reference the specified block.
legacyGetTriggerTags POST /v1alpha/{instance}/legacyPlaybooks:legacyGetTriggerTags
Returns the set of tags configured as triggers for playbooks.
legacyGetWorkFlowVersionLogs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkFlowVersionLogs
Returns the complete history of saved versions for a specific playbook definition.
legacyGetWorkflowCategories GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowCategories
Returns all playbook categories currently defined in the instance.
legacyGetWorkflowFullInfoByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoByIdentifier
Returns the full configuration of a playbook, including its steps and connectivity logic, for a specific playbook identifier.
legacyGetWorkflowFullInfoWithEnvFilterByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoWithEnvFilterByIdentifier
Returns the full playbook definition for an identifier, filtering its configuration based on the user's accessible environments.
legacyGetWorkflowInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstance
Returns the specific runtime instance (either completed or pending) of a playbook associated with a given alert.
legacyGetWorkflowInstanceSummary POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstanceSummary
Returns a high-level summary of an executed playbook instance.
legacyGetWorkflowInstancesCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstancesCards
Returns the menu cards for all playbook instances associated with a specific case and alert combination.
legacyGetWorkflowMenuCard GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCard
Returns a single playbook definition for the specified identifier.
legacyGetWorkflowMenuCardWithEnvFilter GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardWithEnvFilter
Returns a playbook definition for the identifier, with metadata adjusted according to the user's environment permissions.
legacyGetWorkflowMenuCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCards
Returns a list of playbook definitions, filtered by the requested playbook types.
legacyGetWorkflowMenuCardsWithEnvFilter POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardsWithEnvFilter
Returns a list of available playbook definitions, specifically filtered by the environments the user has permission to access.
legacyGetWorkflowStepInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowStepInstance
Returns the detailed execution metadata for a single specific step within a playbook instance.
legacyGetWorkflowsContainsActionAsync GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsContainsActionAsync
Returns a list of all playbooks that include the specified action.
legacyGetWorkflowsInvolvingAction POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsInvolvingAction
Returns all playbooks that include one or more of the specified actions.
legacyMoveDefinitionsToCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyMoveDefinitionsToCategory
Reassigns one or more playbook definitions to a specified category.
legacyPermissions DELETE /v1alpha/{instance}/legacyPlaybooks:legacyPermissions
Removes all access permissions for the given workflow.
legacyPermissionsOptions POST /v1alpha/{instance}/legacyPlaybooks:legacyPermissionsOptions
Returns playbook access permission options.
legacyRemoveCategories POST /v1alpha/{instance}/legacyPlaybooks:legacyRemoveCategories
Removes multiple playbook categories in a single operation.
legacyRerunBlock POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunBlock
Re-executes a specific playbook block on a given alert.
legacyRerunPlaybook POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunPlaybook
Re-executes the associated playbook on a specific alert.
legacyRestoreWorkflowDefinition POST /v1alpha/{instance}/legacyPlaybooks:legacyRestoreWorkflowDefinition
Reverts a playbook's active configuration to a previously saved version.
legacyRunPlaybookInDebug POST /v1alpha/{instance}/legacyPlaybooks:legacyRunPlaybookInDebug
Executes a playbook in a simulation environment using provided test data.
legacySaveLogVersionOfWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveLogVersionOfWorkflowDefinitions
Creates a historical record (version snapshot) of the current playbook definition.
legacySaveWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveWorkflowDefinitions
Saves the configuration and step sequence of a playbook.
legacySkip POST /v1alpha/{instance}/legacyPlaybooks:legacySkip
Bypasses a pending manual task within a playbook instance.
legacyTerminateWorkflowInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyTerminateWorkflowInstance
Immediately stops the execution of an in-progress playbook instance.
legacyTestPipeExample POST /v1alpha/{instance}/legacyPlaybooks:legacyTestPipeExample
Verifies the logical evaluation of a transformer using example input data.
legacyUpdateDefinitionsPriority POST /v1alpha/{instance}/legacyPlaybooks:legacyUpdateDefinitionsPriority
Adjusts the operational priority of one or more playbook definitions.

REST Resource: v1alpha.projects.locations.instances.legacyPublisher

Methods
legacyAddConnectorPackage POST /v1alpha/{instance}/legacyPublisher:legacyAddConnectorPackage
Uploads ingestion data from a remote agent to the Publisher.
legacyCloudLog POST /v1alpha/{instance}/legacyPublisher:legacyCloudLog
Sends operational logs from a remote agent to the SecOps instance for centralized auditing and troubleshooting.
legacyCreateConnectorPackage POST /v1alpha/{instance}/legacyPublisher:legacyCreateConnectorPackage
POST /upload/v1alpha/{instance}/legacyPublisher:legacyCreateConnectorPackage
Uploads ingestion data from a remote agent to the Publisher.
legacyDeleteIntegration POST /v1alpha/{instance}/legacyPublisher:legacyDeleteIntegration
Signals a remote agent to remove a specific integration and all its associated configuration.
legacyGetDependencyFile GET /v1alpha/{instance}/legacyPublisher:legacyGetDependencyFile
Retrieves a specific Python dependency or shared library required for executing an integration on a remote agent.
legacyGetHasLocallyScheduledRemoteConnectors GET /v1alpha/{instance}/legacyPublisher:legacyGetHasLocallyScheduledRemoteConnectors
Checks if a specific integration has any connectors that are configured to be scheduled and executed locally on the remote agent.
legacyGetInstaller GET /v1alpha/{instance}/legacyPublisher:legacyGetInstaller
Returns the binary installer file for the remote agent software.
legacyGetIntegrationDependencies GET /v1alpha/{instance}/legacyPublisher:legacyGetIntegrationDependencies
Retrieves the full set of functional dependencies required for a specific integration to operate correctly on a remote agent.
legacyGetLatestIntegrationVersion GET /v1alpha/{instance}/legacyPublisher:legacyGetLatestIntegrationVersion
Retrieves information about the latest available version of a specific integration.
legacyGetTaskData GET /v1alpha/{instance}/legacyPublisher:legacyGetTaskData
Retrieves the configuration or operational data required by a remote agent to perform a specific task.
legacyKeepAlive POST /v1alpha/{instance}/legacyPublisher:legacyKeepAlive
Sends a heartbeat message from a remote agent to the SecOps instance.
legacyListTasks GET /v1alpha/{instance}/legacyPublisher:legacyListTasks
Lists the set of pending tasks (e.g., action executions, integration updates) assigned to a specific remote agent.
legacyPing GET /v1alpha/{instance}/legacyPublisher:legacyPing
Performs a simple diagnostic check to verify the availability and responsiveness of a remote agent.
legacySetUpgradeInProgress POST /v1alpha/{instance}/legacyPublisher:legacySetUpgradeInProgress
Sets a flag indicating that a remote agent is currently undergoing a software upgrade.
legacyUpdateIntegrationStatus POST /v1alpha/{instance}/legacyPublisher:legacyUpdateIntegrationStatus
Updates the installation status of a specific integration on a remote agent.
legacyUpdateTask POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTask
Updates the execution status and results of an assigned task on a remote agent.
legacyUpdateTaskResult POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
POST /upload/v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
Updates the final result or output data for a completed remote task to the SecOps instance.

REST Resource: v1alpha.projects.locations.instances.legacySdk

Methods
legacyAddAgentConnectorLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentConnectorLogs
Uploads execution logs for a specific connector running on a remote agent.
legacyAddAgentLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentLogs
Uploads operational logs for a remote agent to the primary SecOps instance.
legacyAddAttachment POST /v1alpha/{instance}/legacySdk:legacyAddAttachment
Adds a new attachment to a specific case.
legacyAddComment POST /v1alpha/{instance}/legacySdk:legacyAddComment
Adds a comment to a case wall.
legacyAddEntitiesToCustomList POST /v1alpha/{instance}/legacySdk:legacyAddEntitiesToCustomList
Adds one or more entities to a specific custom list.
legacyAddOrUpdateCaseTask POST /v1alpha/{instance}/legacySdk:legacyAddOrUpdateCaseTask
Creates a new task or updates an existing one within a case.
legacyAddTag POST /v1alpha/{instance}/legacySdk:legacyAddTag
Adds a tag to a case.
legacyAlertFullDetails POST /v1alpha/{instance}/legacySdk:legacyAlertFullDetails
Returns the complete details for a specific alert, including all associated raw event data and its current suspicion status.
legacyAlertSourceFile GET /v1alpha/{instance}/legacySdk:legacyAlertSourceFile
Returns the raw source file content for a specific alert, if available from the original ingestion source.
legacyAlertsFullDetails GET /v1alpha/{instance}/legacySdk:legacyAlertsFullDetails
Returns the complete details for all alerts associated with a specific case.
legacyAlertsMetadata GET /v1alpha/{instance}/legacySdk:legacyAlertsMetadata
Returns the metadata for all alerts associated with a specific case.
legacyAlertsTicketIdsByCaseId GET /v1alpha/{instance}/legacySdk:legacyAlertsTicketIdsByCaseId
Returns all alert ticket identifiers associated with a specific case.
legacyAnyEntityInCustomList POST /v1alpha/{instance}/legacySdk:legacyAnyEntityInCustomList
Checks if any of the provided entities are currently present in a specific custom list.
legacyAssignUser POST /v1alpha/{instance}/legacySdk:legacyAssignUser
Assigns a case to a specific user.
legacyAttacheWorkflowToCase POST /v1alpha/{instance}/legacySdk:legacyAttacheWorkflowToCase
Manually initiates a specific response workflow (playbook) for a given security case.
legacyAttachmentData GET /v1alpha/{instance}/legacySdk:legacyAttachmentData
Returns the binary content of a specific attachment.
legacyAttachments GET /v1alpha/{instance}/legacySdk:legacyAttachments
Returns metadata for all attachments associated with a specific case.
legacyCaseFullDetails GET /v1alpha/{instance}/legacySdk:legacyCaseFullDetails
Returns the complete details for a specific case, including its constituent alerts, security entities, and execution history.
legacyCaseMetadata GET /v1alpha/{instance}/legacySdk:legacyCaseMetadata
Returns high-level metadata for a specific case, such as its title, priority level, and current status.
legacyChangeCaseStage POST /v1alpha/{instance}/legacySdk:legacyChangeCaseStage
Transitions a case to a different investigation stage (e.g., from Triage to Investigation).
legacyChangePriority POST /v1alpha/{instance}/legacySdk:legacyChangePriority
Updates the priority level of a specific case.
legacyCloseAlert POST /v1alpha/{instance}/legacySdk:legacyCloseAlert
Closes a specific alert within a case.
legacyCloseCase POST /v1alpha/{instance}/legacySdk:legacyCloseCase
Closes a specific case and all its constituent alerts.
legacyCreateCase POST /v1alpha/{instance}/legacySdk:legacyCreateCase
Creates a new investigation case.
legacyCreateCaseInsight POST /v1alpha/{instance}/legacySdk:legacyCreateCaseInsight
Creates a new insight (highlighted observation) for a case.
legacyCreateConnectorPackage POST /v1alpha/{instance}/legacySdk:legacyCreateConnectorPackage
Initiates the creation of a connector package for a specific integration.
legacyCreateEntity POST /v1alpha/{instance}/legacySdk:legacyCreateEntity
Manually adds a new entity to an alert in a case.
legacyGetAgentById GET /v1alpha/{instance}/legacySdk:legacyGetAgentById
Returns the technical configuration and operational health status for a specific remote agent.
legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp POST /v1alpha/{instance}/legacySdk:legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp
Returns the alert ticket identifiers associated with cases that were closed after the specified timestamp.
legacyGetAlertsToSync POST /v1alpha/{instance}/legacySdk:legacyGetAlertsToSync
Returns a list of alerts that are currently pending technical synchronization between SecOps and an external system (e.g., Chronicle SIEM).
legacyGetCaseClosureDetails POST /v1alpha/{instance}/legacySdk:legacyGetCaseClosureDetails
Returns the resolution details and closure metadata for a list of specified cases.
legacyGetCaseComments GET /v1alpha/{instance}/legacySdk:legacyGetCaseComments
Returns all comments and wall activities associated with a specific case.
legacyGetCaseTasks GET /v1alpha/{instance}/legacySdk:legacyGetCaseTasks
Returns all technical analyst requirements (tasks) associated with a specific case.
legacyGetCasesByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesByFilter
Returns a list of case identifiers matching the provided legacy filter criteria.
legacyGetCasesByRequest POST /v1alpha/{instance}/legacySdk:legacyGetCasesByRequest
Returns cases matching the provided criteria.
legacyGetCasesIdByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesIdByFilter
Returns a list of technical case identifiers matching the provided legacy filter criteria.
legacyGetConnectorParameters GET /v1alpha/{instance}/legacySdk:legacyGetConnectorParameters
Returns the current technical configuration parameters for a specific connector instance.
legacyGetContextProperty POST /v1alpha/{instance}/legacySdk:legacyGetContextProperty
Returns the technical metadata value associated with a specific key from a given investigative context.
legacyGetCurrentSiemplifyVersion GET /v1alpha/{instance}/legacySdk:legacyGetCurrentSiemplifyVersion
Returns the technical version identifier for the active SecOps platform instance.
legacyGetCustomListCategories GET /v1alpha/{instance}/legacySdk:legacyGetCustomListCategories
Returns the technical categories used to organize and manage custom watchlists and allowlists.
legacyGetFailedActions GET /v1alpha/{instance}/legacySdk:legacyGetFailedActions
Returns technical details for playbook actions that have failed within a specified timeframe.
legacyGetFailedConnectors POST /v1alpha/{instance}/legacySdk:legacyGetFailedConnectors
Returns technical metadata for ingestion connectors that have experienced malfunctions or stopped processing data.
legacyGetFailedETLOperations GET /v1alpha/{instance}/legacySdk:legacyGetFailedETLOperations
Returns a list of technical ETL (Extract, Transform, Load) operations that have failed during background processing.
legacyGetFailedJobs GET /v1alpha/{instance}/legacySdk:legacyGetFailedJobs
Returns technical metadata for background system jobs that have failed to complete successfully.
legacyGetIntegrationVersion GET /v1alpha/{instance}/legacySdk:legacyGetIntegrationVersion
Returns the technical version identifier for a specific installed integration.
legacyGetProxySettings GET /v1alpha/{instance}/legacySdk:legacyGetProxySettings
Returns the technical network configuration (proxy settings) used by the platform for external investigative communication.
legacyGetPublisherById GET /v1alpha/{instance}/legacySdk:legacyGetPublisherById
Returns technical metadata for a specific remote agent publisher by its identifier.
legacyGetRemoteConnectorsKeysMap GET /v1alpha/{instance}/legacySdk:legacyGetRemoteConnectorsKeysMap
Returns the technical mapping keys for remote connectors associated with a specified publisher.
legacyGetSimilarCasesIds POST /v1alpha/{instance}/legacySdk:legacyGetSimilarCasesIds
Returns a list of case identifiers for cases that are determined to be similar to the provided criteria.
legacyGetSyncAlerts POST /v1alpha/{instance}/legacySdk:legacyGetSyncAlerts
Returns comprehensive technical metadata for a set of alerts (detection events) matching synchronization criteria.
legacyGetSyncCases POST /v1alpha/{instance}/legacySdk:legacyGetSyncCases
Returns comprehensive investigative data for a set of cases matching technical synchronization criteria.
legacyGetUpdatedSyncAlertsMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncAlertsMetadata
Returns technical metadata for alerts whose tracked fields have been updated within a specified timeframe.
legacyGetUpdatedSyncCasesMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncCasesMetadata
Returns technical metadata for cases whose tracked fields have been updated.
legacyGetUserFullName GET /v1alpha/{instance}/legacySdk:legacyGetUserFullName
Returns the display name (full name) for a specified SecOps user.
legacyIntegrationConfiguration GET /v1alpha/{instance}/legacySdk:legacyIntegrationConfiguration
Returns the technical configuration settings for a specific installed integration.
legacyMarkAsImportant POST /v1alpha/{instance}/legacySdk:legacyMarkAsImportant
Marks a case as important (flagged).
legacyRaiseIncident POST /v1alpha/{instance}/legacySdk:legacyRaiseIncident
Escalates a specific investigation case to a formal incident.
legacyRemoveEntitiesFromCustomList POST /v1alpha/{instance}/legacySdk:legacyRemoveEntitiesFromCustomList
Removes one or more technical entities from a specific custom list.
legacySendEmailWithAttachment POST /v1alpha/{instance}/legacySdk:legacySendEmailWithAttachment
Shares one or more technical investigative artifacts (attachments) via email to specified recipients.
legacySendSystemNotification POST /v1alpha/{instance}/legacySdk:legacySendSystemNotification
Broadcasts a technical system notification to specified SecOps users.
legacySetAlertSla POST /v1alpha/{instance}/legacySdk:legacySetAlertSla
Configures the technical Service Level Agreement (SLA) target for a specific alert.
legacySetCaseSla POST /v1alpha/{instance}/legacySdk:legacySetCaseSla
Configures the technical Service Level Agreement (SLA) target for an entire investigation case.
legacySetContextProperty POST /v1alpha/{instance}/legacySdk:legacySetContextProperty
Configures a technical metadata value for a specific key within an investigative context.
legacySystemInfo GET /v1alpha/{instance}/legacySdk:legacySystemInfo
Returns comprehensive technical information about the current state, configuration, and health of the SecOps platform instance.
legacyTrySetContextProperty POST /v1alpha/{instance}/legacySdk:legacyTrySetContextProperty
Attempts to set a technical metadata value for a specific key within an investigative context, returning success or failure based on the operation's outcome.
legacyUnraiseIncident POST /v1alpha/{instance}/legacySdk:legacyUnraiseIncident
Reverts a formal incident back to a standard technical investigation case.
legacyUpdateAlertPriority POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertPriority
Updates the priority level of a specific alert.
legacyUpdateAlertsAdditional POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertsAdditional
Updates the additional data fields associated with a specific alert.
legacyUpdateBatchCasesExternalCaseIds POST /v1alpha/{instance}/legacySdk:legacyUpdateBatchCasesExternalCaseIds
Performs a technical bulk update of internal case identifiers with their corresponding external ticketing system identifiers.
legacyUpdateCaseScore PATCH /v1alpha/{instance}/legacySdk:legacyUpdateCaseScore
Updates the technical risk score for a specific investigation case.
legacyUpdateConfigurationProperty PUT /v1alpha/{instance}/legacySdk:legacyUpdateConfigurationProperty
Updates a configuration property for a specific integration.
legacyUpdateConnectorParameter PUT /v1alpha/{instance}/legacySdk:legacyUpdateConnectorParameter
Updates a dynamic parameter for a specific connector instance.
legacyUpdateEntities POST /v1alpha/{instance}/legacySdk:legacyUpdateEntities
Updates the technical metadata for one or more security entities.
legacyUpdateNewAlertsSyncStatus POST /v1alpha/{instance}/legacySdk:legacyUpdateNewAlertsSyncStatus
Updates the technical synchronization status for a set of new alerts.

REST Resource: v1alpha.projects.locations.instances.legacySearches

Methods
download GET /v1alpha/{name}/legacySearches:legacyGetSearchResultsAsCsv
Exports case search results to a CSV file.
legacyCaseSearchEverything POST /v1alpha/{instance}/legacySearches:legacyCaseSearchEverything
Performs a search for security cases matching the provided criteria.
legacyCaseSearchEverythingByIds POST /v1alpha/{instance}/legacySearches:legacyCaseSearchEverythingByIds
Returns search results for a specific set of security cases identified by their unique IDs.
legacyEntitySearchCount POST /v1alpha/{instance}/legacySearches:legacyEntitySearchCount
Returns the total count of security entities matching the provided search criteria.
legacyEntitySearchEntities POST /v1alpha/{instance}/legacySearches:legacyEntitySearchEntities
Returns a paginated list of security entities matching the provided search criteria.
legacyEntitySearchEverything POST /v1alpha/{instance}/legacySearches:legacyEntitySearchEverything
Performs a comprehensive search for security entities matching the provided criteria.
legacyGetCasesFilterUserAndRoles POST /v1alpha/{instance}/legacySearches:legacyGetCasesFilterUserAndRoles
Returns user profiles and SOC roles that match specified case filtering criteria.
legacyGetCasesFilterValues POST /v1alpha/{instance}/legacySearches:legacyGetCasesFilterValues
Returns the set of valid values for a specific case filtering dimension (e.g., tags, environments).
legacyGetEntitiesFilterValues POST /v1alpha/{instance}/legacySearches:legacyGetEntitiesFilterValues
Returns the set of valid values for a specific security entity filtering dimension (e.g., networks, countries).

REST Resource: v1alpha.projects.locations.instances.legacySoarAudit

Methods
legacyExportAuditLastWeekAsCsvV2 POST /v1alpha/{instance}/legacySoarAudit:legacyExportAuditLastWeekAsCsvV2
Exports the audit logs for the last week as a CSV file for download.
legacyGetAuditDataV2 POST /v1alpha/{instance}/legacySoarAudit:legacyGetAuditDataV2
Retrieves a paginated list of audit logs and statistical data from SecOps.

REST Resource: v1alpha.projects.locations.instances.legacySoarDashboard

Methods
legacyAddOrUpdateDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboard
Adds a new dashboard or updates an existing one (determined by dashboard identifier).
legacyAddOrUpdateDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboardWidget
Adds a new dashboard widget or updates an existing one (determined by widget identifier).
legacyDeleteDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboard
Deletes a dashboard and all its associated widgets.
legacyDeleteDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboardWidget
Deletes a specific dashboard widget.
legacyGetCasesTimeToRespond GET /v1alpha/{instance}/legacySoarDashboard:legacyGetCasesTimeToRespond
Returns the average time taken to respond to cases within a specific dashboard, filtered by the provided time range.
legacyGetDashboard POST /v1alpha/{name}/legacySoarDashboard:legacyGetDashboard
Returns a detailed data model of a dashboard identified by its ID, including its configuration, allowed environments, and all contained widgets.
legacyGetDashboardCards GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCards
Returns a mapping of dashboard IDs to their names for all dashboards accessible by the requesting user.
legacyGetDashboardCustomWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCustomWidgetCaseIds
Returns a list of case IDs associated with a custom widget.
legacyGetDashboardPlaybookRuns POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybookRuns
Returns a list of recent playbook runs associated with a specific dashboard widget.
legacyGetDashboardPlaybooks GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybooks
Returns a list of playbooks that have available data for dashboard reporting.
legacyGetDashboardWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetCaseIds
Returns a list of case IDs involved in the widgets presented in the dashboard.
legacyGetDashboardWidgetDefinitions GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetDefinitions
Returns all available widget definitions that can be used to construct a dashboard.
legacyGetDashboardWidgetValues POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetValues
Returns the calculated data series and values for a specific dashboard widget.
legacyGetOpenedAndClosedCasesTrends GET /v1alpha/{instance}/legacySoarDashboard:legacyGetOpenedAndClosedCasesTrends
Returns the historical trends of opened versus closed cases over a specified time period.
legacyGetPlaybookMonitoring POST /v1alpha/{instance}/legacySoarDashboard:legacyGetPlaybookMonitoring
Returns a monitoring-focused dashboard view for a specific playbook.
legacyImportDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyImportDashboard
Imports a dashboard configuration from a JSON file.
legacySaveDashboardAsReportTemplate POST /v1alpha/{instance}/legacySoarDashboard:legacySaveDashboardAsReportTemplate
Saves the current dashboard configuration as a report template.

REST Resource: v1alpha.projects.locations.instances.legacySoarIdpMappingGroups

Methods
batchUpdate POST /v1alpha/{parent}/legacySoarIdpMappingGroups:batchUpdate
Updates multiple IDP mapping groups in a single batch operation, allowing for efficient management of large numbers of mappings.
create POST /v1alpha/{parent}/legacySoarIdpMappingGroups
Creates a new IDP mapping group to define how users from an external identity provider should be provisioned and restricted within the SecOps platform.
delete DELETE /v1alpha/{name}
Deletes an IDP mapping group, removing the mapping between the external IdP group and SecOps resources.
get GET /v1alpha/{name}
Retrieves a detailed configuration of a specific IDP mapping group identified by its resource name.
getExternalProviders GET /v1alpha/{name}/legacySoarIdpMappingGroups:getExternalProviders
Retrieves the external identity providers configured for the system.
list GET /v1alpha/{parent}/legacySoarIdpMappingGroups
Returns a paginated list of all IDP mapping groups within a specific SecOps instance.
patch PATCH /v1alpha/{legacySoarIdpMappingGroup.name}
Updates an existing IDP mapping group.
updateDefaultAccessSettings POST /v1alpha/{name}/legacySoarIdpMappingGroups:updateDefaultAccessSettings
Updates the default access settings for an external identity provider.

REST Resource: v1alpha.projects.locations.instances.legacySoarPermissionGroups

Methods
list GET /v1alpha/{parent}/legacySoarPermissionGroups
Lists LegacySoarPermissionGroups.

REST Resource: v1alpha.projects.locations.instances.legacySoarReports

Methods
download GET /v1alpha/{name}/legacySoarReports:legacyGenerateReportTemplate
Triggers the immediate generation of a report file (e.g., PDF, DOC) based on a specific template and provided filters like environments and time ranges.
legacyAddOrUpdateReportSchedule POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportSchedule
Adds a new report schedule or updates an existing one.
legacyAddOrUpdateReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportTemplate
Adds a new report template or updates an existing one.
legacyAddOrUpdateReportWidget POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportWidget
Adds a new report widget or updates an existing one.
legacyDeleteReportSchedule GET /v1alpha/{instance}/legacySoarReports:legacyDeleteReportSchedule
Deletes an existing report schedule, stopping any further automated generation and distribution of the associated report.
legacyDuplicateReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyDuplicateReportTemplate
Creates a copy of an existing report template.
legacyGetAdvancedReports GET /v1alpha/{instance}/legacySoarReports:legacyGetAdvancedReports
Retrieves a list of available advanced reports.
legacyGetReportSchedules POST /v1alpha/{instance}/legacySoarReports:legacyGetReportSchedules
Returns a list of all configured report schedules, providing visibility into automated report generation tasks.
legacyGetReportTemplates GET /v1alpha/{instance}/legacySoarReports:legacyGetReportTemplates
Returns a list of all report templates defined in the system.
legacyImportReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyImportReportTemplate
Imports a report template configuration from an external file.
legacyRefreshAdvancedReports GET /v1alpha/{instance}/legacySoarReports:legacyRefreshAdvancedReports
Triggers a refresh of the data within advanced reports to ensure the presented information is up-to-date.
legacyRemoveReportTemplate GET /v1alpha/{instance}/legacySoarReports:legacyRemoveReportTemplate
Deletes an existing report template and its associated layout and widget definitions.
legacyRemoveReportWidget GET /v1alpha/{instance}/legacySoarReports:legacyRemoveReportWidget
Deletes a specific report widget from its associated template.
legacyShareAdvancedReport POST /v1alpha/{instance}/legacySoarReports:legacyShareAdvancedReport
Updates the sharing settings for an advanced report, allowing specified users or groups to access and view its data.
legacyUploadAdvancedReport POST /v1alpha/{instance}/legacySoarReports:legacyUploadAdvancedReport
Uploads an external report file to be integrated and used as an advanced report within the SecOps platform.

REST Resource: v1alpha.projects.locations.instances.legacySoarSettings

Methods
legacyAddVisualSummaryRecords POST /v1alpha/{instance}/legacySoarSettings:legacyAddVisualSummaryRecords
Adds new field metadata for visual summaries.
legacyGetAllEnvironmentCards POST /v1alpha/{instance}/legacySoarSettings:legacyGetAllEnvironmentCards
LegacyGetAllEnvironmentCards returns all the environment cards.
legacyGetAllPlaybookActionDefinitions GET /v1alpha/{instance}/legacySoarSettings:legacyGetAllPlaybookActionDefinitions
Returns all playbook action definitions across all installed integrations that are accessible to the user.
legacyGetCaseAlertPlaybookTriggerFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertPlaybookTriggerFilterValues
Returns all available filter values for case alert playbook triggers.
legacyGetCaseAlertTypeFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertTypeFilterValues
Returns all available alert type filter values.
legacyGetCustomActionDetailsById GET /v1alpha/{instance}/legacySoarSettings:legacyGetCustomActionDetailsById
Returns comprehensive details for a specific custom action identified by its id, including its script, parameters, and associated integration instances.
legacyGetDataSourcesForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetDataSourcesForGroupingRule
Returns a paginated list of data sources that can be used as criteria for alert grouping rules.
legacyGetEnvironmentActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentActionDefinitions
Returns a list of playbook action definitions specifically configured or available for a given set of environments.
legacyGetEnvironmentStatistics POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentStatistics
Returns high-level statistics for a specific environment, including the number of playbooks, integrations, connectors, report schedules, and active agents.
legacyGetPlaybookActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetPlaybookActionDefinitions
Returns a list of action definitions available for the specified environments.
legacyGetProductsForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetProductsForGroupingRule
Returns a paginated list of reporting products available for alert grouping rules.
legacyGetSystemEventEntityTypes GET /v1alpha/{instance}/legacySoarSettings:legacyGetSystemEventEntityTypes
Returns a list of all entity types supported by the system for event processing and categorization.
legacyGetTimeZones GET /v1alpha/{instance}/legacySoarSettings:legacyGetTimeZones
Returns a comprehensive list of time zones supported by the platform, including their IDs, country names, and UTC offsets.
legacyGetUserRegistrationSettings GET /v1alpha/{instance}/legacySoarSettings:legacyGetUserRegistrationSettings
Returns settings related to user registration and onboarding, such as whether email invitations are enabled for new users.
legacyGetVisualSummaryRecords GET /v1alpha/{instance}/legacySoarSettings:legacyGetVisualSummaryRecords
Returns all configured visual summary field metadata records.
legacyIsPermittedToEnvironment GET /v1alpha/{instance}/legacySoarSettings:legacyIsPermittedToEnvironment
Checks if the requesting user has the necessary permissions to access and operate within a specific environment.
legacyTestEmailSettings POST /v1alpha/{instance}/legacySoarSettings:legacyTestEmailSettings
Tests the configured email settings by attempting to connect to the SMTP server and send a test message.
legacyUploadCustomActionResultJson POST /v1alpha/{instance}/legacySoarSettings:legacyUploadCustomActionResultJson
Uploads an example JSON result for a specific custom action.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers

Methods
delete DELETE /v1alpha/{name}
Permanently deletes a user account identified by their resource name.
get GET /v1alpha/{name}
Retrieves detailed information about a specific user identified by their resource name.
getLocalization GET /v1alpha/{name}
Gets the localization settings for a specific user.
getNotificationSettings GET /v1alpha/{name}
Gets the notification settings for a specific user.
list GET /v1alpha/{parent}/legacySoarUsers
Returns a paginated list of users within a SecOps instance.
updateLocalization PATCH /v1alpha/{userLocalization.name}
Updates the localization settings for a specific user.
updateNotificationSettings PATCH /v1alpha/{notificationSettings.name}
Updates the notification settings for a specific user.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.attachments

Methods
delete DELETE /v1alpha/{name}
Deletes an Attachment.
download GET /v1alpha/{name}:download
Exports (downloads) an Attachment's raw content.
get GET /v1alpha/{name}
Gets a single Attachment by its resource name.
list GET /v1alpha/{parent}/attachments
Lists Attachments belonging to a specific user.
upload POST /v1alpha/{parent}/attachments:create
POST /upload/v1alpha/{parent}/attachments:create
Creates a new Attachment by uploading a file.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.userNotifications

Methods
count GET /v1alpha/{parent}/userNotifications:count
Counts and returns the total number of unread notifications for a specific user.
get GET /v1alpha/{name}
Gets a specific user notification.
list GET /v1alpha/{parent}/userNotifications
Lists notifications for a specific user.
markAsRead POST /v1alpha/{parent}/userNotifications:markAsRead
Marks specified user notifications as read.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskContacts

Methods
create POST /v1alpha/{parent}/workdeskContacts
Creates a new workdesk contact for a specific user.
delete DELETE /v1alpha/{name}
Deletes an existing workdesk contact.
get GET /v1alpha/{name}
Gets a specific workdesk contact.
list GET /v1alpha/{parent}/workdeskContacts
Lists workdesk contacts for a specific user.
patch PATCH /v1alpha/{workdeskContact.name}
Updates an existing workdesk contact.

REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskNotes

Methods
create POST /v1alpha/{parent}/workdeskNotes
Creates a new workdesk note for a specific user.
delete DELETE /v1alpha/{name}
Deletes an existing workdesk note.
get GET /v1alpha/{name}
Gets a specific workdesk note.
list GET /v1alpha/{parent}/workdeskNotes
Lists workdesk notes for a specific user.
patch PATCH /v1alpha/{workdeskNote.name}
Updates an existing workdesk note.

REST Resource: v1alpha.projects.locations.instances.legacySystem

Methods
legacyGetLicenseStatus GET /v1alpha/{instance}/legacySystem:legacyGetLicenseStatus
Returns the current status of the SecOps license.
legacyGetMaximumDataRetentionValue GET /v1alpha/{instance}/legacySystem:legacyGetMaximumDataRetentionValue
Returns the maximum data retention period allowed by the current license, expressed in months.
legacyGetSystemVersion GET /v1alpha/{instance}/legacySystem:legacyGetSystemVersion
Returns the current version of the SecOps platform.

REST Resource: v1alpha.projects.locations.instances.legacySystemMetadata

Methods
placeholders GET /v1alpha/{instance}/legacySystemMetadata:placeholders
Returns a list of available placeholder names for a specific category (e.g., ALERT, CASE, ENTITY).

REST Resource: v1alpha.projects.locations.instances.logProcessingPipelines

Methods
associateStreams POST /v1alpha/{name}:associateStreams
Maps a set of streams to a log processing pipeline.
create POST /v1alpha/{parent}/logProcessingPipelines
Create a new LogProcessingPipeline
delete DELETE /v1alpha/{name}
Deletes a LogProcessingPipeline configuration.
dissociateStreams POST /v1alpha/{name}:dissociateStreams
Unmaps a set of streams from a log processing pipeline.
fetchAssociatedPipeline GET /v1alpha/{parent}/logProcessingPipelines:fetchAssociatedPipeline
Fetch LogProcessingPipeline, if any, is associated with a given stream.
fetchSampleLogsByStreams POST /v1alpha/{parent}/logProcessingPipelines:fetchSampleLogsByStreams
FetchSampleLogsByStreams previews sample unprocessed logs for a given log processing pipeline.
get GET /v1alpha/{name}
Get details of a specific LogProcessingPipeline.
list GET /v1alpha/{parent}/logProcessingPipelines
Lists LogProcessingPipeline configurations in a given project, location and SecOps instance.
patch PATCH /v1alpha/{logProcessingPipeline.name}
Updates an existing LogProcessingPipeline configuration.
testPipeline POST /v1alpha/{parent}/logProcessingPipelines:testPipeline
TestPipeline previews processed logs for a given log processing pipeline for a given input sample logs.

REST Resource: v1alpha.projects.locations.instances.logTypes

Methods
create POST /v1alpha/{parent}/logTypes
Create LogType.
generateEventTypesSuggestions POST /v1alpha/{logtype}:generateEventTypesSuggestions
GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.
getLogTypeSetting GET /v1alpha/{name}
Gets a LogTypeSetting.
legacySubmitParserExtension POST /v1alpha/{parent}:legacySubmitParserExtension
LegacySubmitParserExtension creates validates and then makes the extension live.
list GET /v1alpha/{parent}/logTypes
Lists all LogTypes.
runAnalysis POST /v1alpha/{name}:runAnalysis
Initiates a Downstream Impact Detection (DID) analysis.
runParser POST /v1alpha/{logtype}:runParser
RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.
updateLogTypeSetting PATCH /v1alpha/{logTypeSetting.name}
UpdateLogTypeSetting updates the log type setting for a log type.

REST Resource: v1alpha.projects.locations.instances.logTypes.analysisReports

Methods
get GET /v1alpha/{name}
GetParserAnalysisReport gets an analysis report.
list GET /v1alpha/{parent}/analysisReports
ListParserAnalysisReports lists analysis reports.

REST Resource: v1alpha.projects.locations.instances.logTypes.logTypeSettings

Methods
list GET /v1alpha/{parent}/logTypeSettings
Lists all LogTypeSettings.

REST Resource: v1alpha.projects.locations.instances.logTypes.logs

Methods
import POST /v1alpha/{parent}/logs:import
Import log telemetry.
list GET /v1alpha/{parent}/logs
Lists all Logs.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions

Methods
activate POST /v1alpha/{name}:activate
ActivateParserExtension switches the customer to use requested parser extension, This will set the extension state to ACTIVE.
create POST /v1alpha/{parent}/parserExtensions
Create a parser extension.
delete DELETE /v1alpha/{name}
Delete a parser extension.
get GET /v1alpha/{name}
Get a parser extension.
list GET /v1alpha/{parent}/parserExtensions
List all parser extensions.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports

Methods
get GET /v1alpha/{name}
Get a parser vaildation report.
list GET /v1alpha/{parent}/extensionValidationReports
List all parser validation reports for a parser extension.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports.validationErrors

Methods
list GET /v1alpha/{parent}/validationErrors
List validation errors of a parser extension validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports

Methods
get GET /v1alpha/{name}
Get a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports.parsingErrors

Methods
list GET /v1alpha/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers

Methods
activate POST /v1alpha/{name}:activate
ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.
activateReleaseCandidateParser POST /v1alpha/{name}:activateReleaseCandidateParser
ActivateReleaseCandidateParser makes the release candidate parser live for that customer.
copy POST /v1alpha/{name}:copy
CopyPrebuiltParser makes a copy of a prebuilt parser.
create POST /v1alpha/{parent}/parsers
Create a parser.
deactivate POST /v1alpha/{name}:deactivate
DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.
delete DELETE /v1alpha/{name}
Delete a parser.
fetchParserCandidates GET /v1alpha/{name}/parsers:fetchParserCandidates
FetchParserCandidates fetches the parser candidates for a given log type.
get GET /v1alpha/{name}
Get a parser.
list GET /v1alpha/{parent}/parsers
List all parsers.
patch PATCH /v1alpha/{parser.name}
Update a parser.
runAnalysis POST /v1alpha/{name}:runAnalysis
Initiates a Downstream Impact Detection (DID) analysis.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.analysisReports

Methods
get GET /v1alpha/{name}
GetParserAnalysisReport gets an analysis report.
list GET /v1alpha/{parent}/analysisReports
ListParserAnalysisReports lists analysis reports.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports

Methods
get GET /v1alpha/{name}
Get a validation report.

REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports.parsingErrors

Methods
list GET /v1alpha/{parent}/parsingErrors
List parsing errors of a validation report.

REST Resource: v1alpha.projects.locations.instances.logs

Methods
classify POST /v1alpha/{parent}/logs:classify
Classify the logs to the corresponding logType.

REST Resource: v1alpha.projects.locations.instances.managedDomainSettings

Methods
addManagedDomain POST /v1alpha/{name}:addManagedDomain
Adds a domain to the customer's ManagedDomainSettings.
removeManagedDomain POST /v1alpha/{name}:removeManagedDomain
Removes a domain from the customer's ManagedDomainSettings.

REST Resource: v1alpha.projects.locations.instances.marketplaceIntegrations

Methods
fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
Retrieves the differences between the currently installed version of an integration and the commercial version available in the marketplace.
get GET /v1alpha/{name}
Retrieves detailed metadata for a specific marketplace integration identified by its resource name.
install POST /v1alpha/{parent}:install
Installs a specific version of a marketplace integration into a SecOps instance.
list GET /v1alpha/{parent}/marketplaceIntegrations
Returns a paginated list of integrations available in the SecOps Marketplace.
uninstall POST /v1alpha/{name}:uninstall
Uninstalls a previously installed marketplace integration, removing its components and configuration from the SecOps instance.

REST Resource: v1alpha.projects.locations.instances.metricDefinitions

Methods
create POST /v1alpha/{parent}/metricDefinitions
Creates a new MetricDefinition.
get GET /v1alpha/{name}
Get a MetricDefinition for a given instance and metric definition resourcename.
list GET /v1alpha/{parent}/metricDefinitions
List all MetricDefinitions for a given instance.
patch PATCH /v1alpha/{metricDefinition.name}
Updates a MetricDefinition.

REST Resource: v1alpha.projects.locations.instances.moduleSettings

Methods
get GET /v1alpha/{name}
Gets a single ModuleSettings resource.
list GET /v1alpha/{parent}/moduleSettings
Lists available ModuleSettings resources.
rebrandingSettings GET /v1alpha/{parent}/moduleSettings:rebrandingSettings
Retrieves the branding and visual customization settings for the SecOps platform.

REST Resource: v1alpha.projects.locations.instances.moduleSettings.properties

Methods
batchUpdate POST /v1alpha/{parent}/properties:batchUpdate
Updates multiple properties within a single module.
get GET /v1alpha/{name}
Gets a single ModuleSettingsProperty.
list GET /v1alpha/{parent}/properties
Lists all properties of a given module setting.
patch PATCH /v1alpha/{moduleSettingsProperty.name}
Updates a single property of a module setting.
testSettings POST /v1alpha/{parent}/properties:testSettings
Tests the provided configuration properties.

REST Resource: v1alpha.projects.locations.instances.nativeDashboards

Methods
addChart POST /v1alpha/{name}:addChart
Add chart in a dashboard.
create POST /v1alpha/{parent}/nativeDashboards
Create a dashboard.
delete DELETE /v1alpha/{name}
Delete a dashboard.
duplicate POST /v1alpha/{name}:duplicate
Duplicate a dashboard.
duplicateChart POST /v1alpha/{name}:duplicateChart
Duplicate chart in a dashboard.
editChart POST /v1alpha/{name}:editChart
Edit chart in a dashboard.
export POST /v1alpha/{parent}/nativeDashboards:export
Exports the dashboards.
get GET /v1alpha/{name}
Get a dashboard.
import POST /v1alpha/{parent}/nativeDashboards:import
Imports the dashboards.
list GET /v1alpha/{parent}/nativeDashboards
List all dashboards.
patch PATCH /v1alpha/{nativeDashboard.name}
Update a dashboard.
removeChart POST /v1alpha/{name}:removeChart
Remove chart from a dashboard.

REST Resource: v1alpha.projects.locations.instances.notebooks

Methods
get GET /v1alpha/{name}
GetNotebook is used to retrieve an notebook.
list GET /v1alpha/{parent}/notebooks
ListNotebooks is used to retrieve existing notebooks for a given instance.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords

Methods
delete DELETE /v1alpha/{name}
Deletes an ontology record.
export POST /v1alpha/{parent}/ontologyRecords:export
Exports selected ontology records as a ZIP file.
family GET /v1alpha/{parent}/ontologyRecords:family
Returns the visual family currently associated with a specific data source, product, and event_name.
get GET /v1alpha/{name}
Gets a single specific ontology record by its name.
import POST /v1alpha/{parent}/ontologyRecords:import
Imports multiple ontology records from a ZIP file.
list GET /v1alpha/{parent}/ontologyRecords
Lists all ontology records defined in the instance.
patch PATCH /v1alpha/{ontologyRecord.name}
Updates an existing ontology record.
statistics GET /v1alpha/{parent}/ontologyRecords:statistics
Returns high-level statistics about ontology records in the instance.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords.mappingRules

Methods
delete DELETE /v1alpha/{name}
Deletes a specific mapping rule.
fetchAll GET /v1alpha/{parent}/mappingRules:fetchAll
Returns all relevant mapping rules for a specific event context (source, product, and event name).
get GET /v1alpha/{name}
Retrieves a specific mapping rule identified by its resource name.
list GET /v1alpha/{parent}/mappingRules
Returns a paginated list of all mapping rules associated with a specific ontology record.
patch PATCH /v1alpha/{mappingRule.name}
Updates an existing mapping rule.
save POST /v1alpha/{parent}/mappingRules:save
Saves a mapping rule configuration for a specific ontology record.
test POST /v1alpha/{name}:test
Validates the logic of a specific mapping rule by applying it to a sample raw data field name and value.

REST Resource: v1alpha.projects.locations.instances.ontologyRecords.visualFamilies

Methods
create POST /v1alpha/{parent}/visualFamilies
Creates a new custom VisualFamily.
delete DELETE /v1alpha/{name}
Deletes a specific custom VisualFamily.
export POST /v1alpha/{parent}/visualFamilies:export
Exports selected visual families as a ZIP file.
get GET /v1alpha/{name}
Gets a single VisualFamily by its resource name.
import POST /v1alpha/{parent}/visualFamilies:import
Imports multiple visual families from a ZIP file.
list GET /v1alpha/{parent}/visualFamilies
Lists all VisualFamily resources associated with a specific ontology record.
patch PATCH /v1alpha/{visualFamily.name}
Updates an existing VisualFamily.

REST Resource: v1alpha.projects.locations.instances.operations

Methods
cancel POST /v1alpha/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1alpha/{name}
Deletes a long-running operation.
get GET /v1alpha/{name}
Gets the latest state of a long-running operation.
list GET /v1alpha/{name}/operations
Lists operations that match the specified filter in the request.
streamSearch GET /v1alpha/{name}:streamSearch
Streams the results of an in-progress search operation, or returns the final results of a completed operation.

REST Resource: v1alpha.projects.locations.instances.propertySchemaDefinitions

Methods
create POST /v1alpha/{parent}/propertySchemaDefinitions
Creates a new PropertySchemaDefinition.
delete DELETE /v1alpha/{name}
Deletes a PropertySchemaDefinition.
get GET /v1alpha/{name}
Gets a single PropertySchemaDefinition.
list GET /v1alpha/{parent}/propertySchemaDefinitions
Lists PropertySchemaDefinitions.
patch PATCH /v1alpha/{propertySchemaDefinition.name}
Updates an existing PropertySchemaDefinition.

REST Resource: v1alpha.projects.locations.instances.referenceLists

Methods
create POST /v1alpha/{parent}/referenceLists
Creates a new reference list.
get GET /v1alpha/{name}
Gets a single reference list.
list GET /v1alpha/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1alpha/{referenceList.name}
Updates an existing reference list.

REST Resource: v1alpha.projects.locations.instances.remoteAgents

Methods
connectorValidRemoteAgents GET /v1alpha/{parent}/remoteAgents:connectorValidRemoteAgents
Lists all RemoteAgents that are valid and compatible with a specific connector.
create POST /v1alpha/{parent}/remoteAgents
Creates a new RemoteAgent.
delete DELETE /v1alpha/{name}
Deletes a RemoteAgent.
fetchEditableRemoteAgents GET /v1alpha/{parent}/remoteAgents:fetchEditableRemoteAgents
Lists all RemoteAgents that the requesting user has permissions to edit.
fetchInstallationCommand GET /v1alpha/{name}:fetchInstallationCommand
Retrieves the specific command string required to install a RemoteAgent.
fetchInstallerFile GET /v1alpha/{name}:fetchInstallerFile
Retrieves a download link for the RemoteAgent's installer file.
fetchRedeployStatus GET /v1alpha/{name}:fetchRedeployStatus
Returns the redeployment status for integrations on a RemoteAgent.
fetchRemoteAgentsCompatibleWithJobs GET /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsCompatibleWithJobs
Lists all RemoteAgents compatible with executing jobs for a specific integration.
fetchRemoteAgentsInformation POST /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsInformation
Retrieves detailed information for a list of RemoteAgents.
get GET /v1alpha/{name}
Gets a single RemoteAgent.
list GET /v1alpha/{parent}/remoteAgents
Lists RemoteAgents.
migrateConnectors POST /v1alpha/{name}:migrateConnectors
Migrates legacy connectors on a RemoteAgent from remote to local scheduling.
patch PATCH /v1alpha/{remoteAgent.name}
Updates an existing RemoteAgent.
redeployRemoteAgent POST /v1alpha/{parent}/remoteAgents:redeployRemoteAgent
Redeploys configuration from one RemoteAgent to another.
sendRemoteAgentInstaller POST /v1alpha/{name}:sendRemoteAgentInstaller
Sends the RemoteAgent installer via email.
upgradeRemoteAgent POST /v1alpha/{name}:upgradeRemoteAgent
Upgrades a RemoteAgent to the latest available version.

REST Resource: v1alpha.projects.locations.instances.requestTemplates

Methods
create POST /v1alpha/{parent}/requestTemplates
Defines a new manual request form, specifying the input fields analysts must provide and how the data should be visually mapped in cases.
delete DELETE /v1alpha/{name}
Permanently removes an obsolete manual request form from the system.
get GET /v1alpha/{name}
Retrieves the definition of a manual request form, including its display fields, visual mapping, and associated environments.
list GET /v1alpha/{parent}/requestTemplates
Lists all available manual request forms configured in the system.
patch PATCH /v1alpha/{requestTemplate.name}
Modifies a manual request form's structure, such as adding or removing fields, or adjusting environment associations.

REST Resource: v1alpha.projects.locations.instances.ruleExecutionErrors

Methods
list GET /v1alpha/{parent}/ruleExecutionErrors
Lists rule execution errors.

REST Resource: v1alpha.projects.locations.instances.rules

Methods
create POST /v1alpha/{parent}/rules
Creates a new Rule.
delete DELETE /v1alpha/{name}
Deletes a Rule.
get GET /v1alpha/{name}
Gets a Rule.
getDeployment GET /v1alpha/{name}
Gets a RuleDeployment.
list GET /v1alpha/{parent}/rules
Lists Rules.
listRevisions GET /v1alpha/{name}:listRevisions
Lists all revisions of the rule.
modifyRules POST /v1alpha/{parent}/rules:modifyRules
ModifyRules allows users to modify the rule config for multiple rules at once.
patch PATCH /v1alpha/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1alpha/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1alpha.projects.locations.instances.rules.deployments

Methods
list GET /v1alpha/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1alpha.projects.locations.instances.rules.retrohunts

Methods
create POST /v1alpha/{parent}/retrohunts
Create a Retrohunt.
get GET /v1alpha/{name}
Get a Retrohunt.
list GET /v1alpha/{parent}/retrohunts
List Retrohunts.

REST Resource: v1alpha.projects.locations.instances.savedColumnSets

Methods
create POST /v1alpha/{parent}/savedColumnSets
Endpoint for adding a new saved column set to the specified instance.
delete DELETE /v1alpha/{name}
Endpoint for deleting a saved column set.
get GET /v1alpha/{name}
Endpoint for getting a user's saved column set.
list GET /v1alpha/{parent}/savedColumnSets
Endpoint for listing the saved column sets.
patch PATCH /v1alpha/{savedColumnSet.name}
Endpoint for updating user data saved column set

REST Resource: v1alpha.projects.locations.instances.searchSessions.searchedResults

Methods
list GET /v1alpha/{parent}/searchedResults
Retrieves results from a completed Search operation.

REST Resource: v1alpha.projects.locations.instances.sharedPreferenceSets

Methods
create POST /v1alpha/{parent}/sharedPreferenceSets
Creates a new custom shared preference set.
delete DELETE /v1alpha/{name}
Deletes a shared preference set.
get GET /v1alpha/{name}
Gets a shared preference set.
list GET /v1alpha/{parent}/sharedPreferenceSets
Lists shared preference sets.
patch PATCH /v1alpha/{sharedPreferenceSet.name}
Updates a shared preference set.

REST Resource: v1alpha.projects.locations.instances.slaDefinitions

Methods
create POST /v1alpha/{parent}/slaDefinitions
Creates a new SlaDefinition.
delete DELETE /v1alpha/{name}
Deletes a SlaDefinition.
export GET /v1alpha/{parent}/slaDefinitions:export
Exports all SlaDefinitions to a CSV file.
get GET /v1alpha/{name}
Gets a single SlaDefinition.
import POST /v1alpha/{parent}/slaDefinitions:import
Imports SlaDefinitions from a CSV file.
list GET /v1alpha/{parent}/slaDefinitions
Lists all SlaDefinitions.
patch PATCH /v1alpha/{slaDefinition.name}
Updates an existing SlaDefinition.

REST Resource: v1alpha.projects.locations.instances.soarDomains

Methods
create POST /v1alpha/{parent}/soarDomains
Creates a new SoarDomain.
delete DELETE /v1alpha/{name}
Deletes a SoarDomain.
export GET /v1alpha/{parent}/soarDomains:export
Exports all SoarDomains to a CSV file.
get GET /v1alpha/{name}
Gets a single SoarDomain.
import POST /v1alpha/{parent}/soarDomains:import
Imports SoarDomains from a CSV file.
list GET /v1alpha/{parent}/soarDomains
Lists SoarDomains.
patch PATCH /v1alpha/{soarDomain.name}
Updates an existing SoarDomain.

REST Resource: v1alpha.projects.locations.instances.soarNetworks

Methods
create POST /v1alpha/{parent}/soarNetworks
Creates a new SoarNetwork.
delete DELETE /v1alpha/{name}
Deletes a single SoarNetwork.
deleteAll DELETE /v1alpha/{parent}/soarNetworks:all
Deletes all SoarNetworks within an instance.
export GET /v1alpha/{parent}/soarNetworks:export
Exports all SoarNetworks to a CSV file.
get GET /v1alpha/{name}
Gets a single SoarNetwork.
import POST /v1alpha/{parent}/soarNetworks:import
Imports SoarNetworks from a CSV file.
list GET /v1alpha/{parent}/soarNetworks
Lists SoarNetworks.
patch PATCH /v1alpha/{soarNetwork.name}
Updates an existing SoarNetwork.

REST Resource: v1alpha.projects.locations.instances.socRoles

Methods
create POST /v1alpha/{parent}/socRoles
Creates a new SocRole.
delete DELETE /v1alpha/{name}
Deletes a SocRole.
get GET /v1alpha/{name}
Gets a single SocRole.
list GET /v1alpha/{parent}/socRoles
Lists all available SocRoles.
patch PATCH /v1alpha/{socRole.name}
Updates an existing SocRole.

REST Resource: v1alpha.projects.locations.instances.systemNotifications

Methods
count GET /v1alpha/{parent}/systemNotifications:count
Counts unread SystemNotifications.
get GET /v1alpha/{name}
Gets a single SystemNotification.
list GET /v1alpha/{parent}/systemNotifications
Lists SystemNotifications.
markAsRead POST /v1alpha/{parent}/systemNotifications:markAsRead
Marks a list of SystemNotifications as read.

REST Resource: v1alpha.projects.locations.instances.tasks

Methods
create POST /v1alpha/{parent}/tasks
Creates a new Task.
delete DELETE /v1alpha/{name}
Deletes a Task.
get GET /v1alpha/{name}
Gets a single Task.
list GET /v1alpha/{parent}/tasks
Lists Tasks.
patch PATCH /v1alpha/{task.name}
Updates an existing Task.

REST Resource: v1alpha.projects.locations.instances.tenants

Methods
create POST /v1alpha/{parent}/tenants
Allow partners to create a new tenant.
list GET /v1alpha/{parent}/tenants
Allow partners to list their tenants.
patch PATCH /v1alpha/{tenant.name}
UpdateTenant allows partners to update their tenants.

REST Resource: v1alpha.projects.locations.instances.threatCollections

Methods
fetchEntityMetadata GET /v1alpha/{name}:fetchEntityMetadata
Gets a list of entity metadata for a threat collection.
fetchIocMatchMetadata GET /v1alpha/{parent}/threatCollections:fetchIocMatchMetadata
Gets a batch (list) of ioc match metadata for a list of threat collections.
fetchRelated GET /v1alpha/{parent}/threatCollections:fetchRelated
List related threat collections for a threat artifact.
get GET /v1alpha/{name}
Gets a threat collection by resource name.
list GET /v1alpha/{parent}/threatCollections
Lists threat collections, which contain reports and tracked threat campaigns from Google Threat Intelligence.

REST Resource: v1alpha.projects.locations.instances.uniqueEntities

Methods
addNote POST /v1alpha/{parent}/uniqueEntities:addNote
Adds a comment or note to a unique entity.
download GET /v1alpha/{name}/uniqueEntities:generateReport
Generates and downloads a report for a unique entity.
fetchFull POST /v1alpha/{parent}/uniqueEntities:fetchFull
Fetches comprehensive information for a unique entity.
get GET /v1alpha/{name}
Gets a specific unique entity.
list GET /v1alpha/{parent}/uniqueEntities
Lists unique entities within a specific instance.
patch PATCH /v1alpha/{uniqueEntity.name}
Updates properties of a unique entity.

REST Resource: v1alpha.projects.locations.instances.users

Methods
clearConversationHistory POST /v1alpha/{name}:clearConversationHistory
ClearConversationHistory deletes all the user's data (messages and conversations) except of feedbacks.
getPreferenceSet GET /v1alpha/{name}
Endpoint for getting a user's PreferenceSet
updatePreferenceSet PATCH /v1alpha/{preferenceSet.name}
Endpoint for updating user data saved query

REST Resource: v1alpha.projects.locations.instances.users.conversations

Methods
create POST /v1alpha/{parent}/conversations
CreateConversation is used to create a new conversation.
delete DELETE /v1alpha/{name}
DeleteConversation is used to delete a conversation.
get GET /v1alpha/{name}
GetConversation is used to retrieve an existing conversation.
list GET /v1alpha/{parent}/conversations
ListConversations is used to retrieve existing conversations.
patch PATCH /v1alpha/{conversation.name}
UpdateConversation is used to update an existing conversation.

REST Resource: v1alpha.projects.locations.instances.users.conversations.messages

Methods
create POST /v1alpha/{parent}/messages
CreateMessage is used to create a new message in a conversation.
delete DELETE /v1alpha/{name}
DeleteMessage is used to delete a message.
get GET /v1alpha/{name}
GetMessage is used to retrieve a message.
list GET /v1alpha/{parent}/messages
ListMessages is used to retrieve existing messages for a conversation.
patch PATCH /v1alpha/{message.name}
UpdateMessage is used to update an existing message.

REST Resource: v1alpha.projects.locations.instances.users.savedColumnSets

Methods
create POST /v1alpha/{parent}/savedColumnSets
Endpoint for adding a new saved column set to the specified instance.
delete DELETE /v1alpha/{name}
Endpoint for deleting a saved column set.
get GET /v1alpha/{name}
Endpoint for getting a user's saved column set.
list GET /v1alpha/{parent}/savedColumnSets
Endpoint for listing the saved column sets.
patch PATCH /v1alpha/{savedColumnSet.name}
Endpoint for updating user data saved column set

REST Resource: v1alpha.projects.locations.instances.users.searchQueries

Methods
create POST /v1alpha/{parent}/searchQueries
Endpoint for adding a new entry to the specified collection of user data
delete DELETE /v1alpha/{name}
Endpoint for deleting a user data saved query entry
get GET /v1alpha/{name}
Endpoint for getting a user's Saved query entry
list GET /v1alpha/{parent}/searchQueries
Endpoint for listing the user data saved queries owned by the specified user
patch PATCH /v1alpha/{searchQuery.name}
Endpoint for updating user data saved query

REST Resource: v1alpha.projects.locations.instances.views

Methods
fetchPredefined GET /v1alpha/{parent}/views:fetchPredefined
Fetches predefined widgets provided by integrations.
get GET /v1alpha/{name}
Gets a specific view.
list GET /v1alpha/{parent}/views
Lists views within a specific instance.
saveOverviewTemplate POST /v1alpha/{parent}/views:saveOverviewTemplate
Saves a new overview template.

REST Resource: v1alpha.projects.locations.instances.watchlists

Methods
create POST /v1alpha/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1alpha/{name}
Deletes the watchlist for the given instance.
get GET /v1alpha/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1alpha/{parent}/watchlists
Lists all watchlists for the given instance.
listEntities GET /v1alpha/{parent}:listEntities
Lists all entities for the given watchlist.
patch PATCH /v1alpha/{watchlist.name}
Updates the watchlist for the given instance.

REST Resource: v1alpha.projects.locations.instances.watchlists.entities

Methods
add POST /v1alpha/{parent}/entities:add
Adds an entity in watchlist.
batchAdd POST /v1alpha/{parent}/entities:batchAdd
Adds a batch of entities under watchlist.
batchRemove POST /v1alpha/{parent}/entities:batchRemove
Removes entities in batch in the given watchlist.
remove POST /v1alpha/{name}:remove
Removes the entity in the given watchlist.

REST Resource: v1alpha.projects.locations.instances.webhooks

Methods
WebhookIngestion POST /v1alpha/{name}:ingest
Ingests data through a configured webhook.
create POST /v1alpha/{parent}/webhooks
Creates a new webhook configuration.
delete DELETE /v1alpha/{name}
Deletes a webhook configuration.
exportLogs POST /v1alpha/{name}:exportLogs
Exports the processing logs for a webhook.
get GET /v1alpha/{name}
Gets a specific webhook configuration.
getLogs GET /v1alpha/{name}:getLogs
Retrieves processing logs for a given webhook.
getStatistics GET /v1alpha/{name}:getStatistics
Returns ingestion statistics for a specific webhook.
list GET /v1alpha/{parent}/webhooks
Lists webhooks configured for a specific instance.
patch PATCH /v1alpha/{webhook.name}
Updates an existing webhook configuration.
revokeUrl POST /v1alpha/{name}:revokeUrl
Revokes the current URL for a specific webhook.

REST Resource: v1.projects.locations.instances

Methods
get GET /v1/{name}
Gets a Instance.

REST Resource: v1.projects.locations.instances.dataAccessLabels

Methods
create POST /v1/{parent}/dataAccessLabels
Creates a data access label.
delete DELETE /v1/{name}
Deletes a data access label.
get GET /v1/{name}
Gets a data access label.
list GET /v1/{parent}/dataAccessLabels
Lists all data access labels for the customer.
patch PATCH /v1/{dataAccessLabel.name}
Updates a data access label.

REST Resource: v1.projects.locations.instances.dataAccessScopes

Methods
create POST /v1/{parent}/dataAccessScopes
Creates a data access scope.
delete DELETE /v1/{name}
Deletes a data access scope.
get GET /v1/{name}
Retrieves an existing data access scope.
list GET /v1/{parent}/dataAccessScopes
Lists all existing data access scopes for the customer.
patch PATCH /v1/{dataAccessScope.name}
Updates a data access scope.

REST Resource: v1.projects.locations.instances.dataTableOperationErrors

Methods
get GET /v1/{name}
Get the error for a data table operation.

REST Resource: v1.projects.locations.instances.dataTables

Methods
create POST /v1/{parent}/dataTables
Create a new data table.
delete DELETE /v1/{name}
Delete data table.
get GET /v1/{name}
Get data table info.
list GET /v1/{parent}/dataTables
List data tables.
patch PATCH /v1/{dataTable.name}
Update data table.

REST Resource: v1.projects.locations.instances.dataTables.dataTableRows

Methods
bulkCreate POST /v1/{parent}/dataTableRows:bulkCreate
Create data table rows in bulk.
bulkCreateAsync POST /v1/{parent}/dataTableRows:bulkCreateAsync
Create data table rows in bulk asynchronously.
bulkGet POST /v1/{parent}/dataTableRows:bulkGet
Get data table rows in bulk.
bulkReplace POST /v1/{parent}/dataTableRows:bulkReplace
Replace all existing data table rows with new data table rows.
bulkReplaceAsync POST /v1/{parent}/dataTableRows:bulkReplaceAsync
Replace all existing data table rows with new data table rows asynchronously.
bulkUpdate POST /v1/{parent}/dataTableRows:bulkUpdate
Update data table rows in bulk.
bulkUpdateAsync POST /v1/{parent}/dataTableRows:bulkUpdateAsync
Update data table rows in bulk asynchronously.
create POST /v1/{parent}/dataTableRows
Create a new data table row.
delete DELETE /v1/{name}
Delete data table row.
get GET /v1/{name}
Get data table row
list GET /v1/{parent}/dataTableRows
List data table rows.
patch PATCH /v1/{dataTableRow.name}
Update data table row

REST Resource: v1.projects.locations.instances.operations

Methods
cancel POST /v1/{name}:cancel
Starts asynchronous cancellation on a long-running operation.
delete DELETE /v1/{name}
Deletes a long-running operation.
get GET /v1/{name}
Gets the latest state of a long-running operation.
list GET /v1/{name}/operations
Lists operations that match the specified filter in the request.

REST Resource: v1.projects.locations.instances.referenceLists

Methods
create POST /v1/{parent}/referenceLists
Creates a new reference list.
get GET /v1/{name}
Gets a single reference list.
list GET /v1/{parent}/referenceLists
Lists a collection of reference lists.
patch PATCH /v1/{referenceList.name}
Updates an existing reference list.

REST Resource: v1.projects.locations.instances.rules

Methods
create POST /v1/{parent}/rules
Creates a new Rule.
delete DELETE /v1/{name}
Deletes a Rule.
get GET /v1/{name}
Gets a Rule.
getDeployment GET /v1/{name}
Gets a RuleDeployment.
list GET /v1/{parent}/rules
Lists Rules.
listRevisions GET /v1/{name}:listRevisions
Lists all revisions of the rule.
patch PATCH /v1/{rule.name}
Updates a Rule.
updateDeployment PATCH /v1/{ruleDeployment.name}
Updates a RuleDeployment.

REST Resource: v1.projects.locations.instances.rules.deployments

Methods
list GET /v1/{parent}/deployments
Lists RuleDeployments across all Rules.

REST Resource: v1.projects.locations.instances.rules.retrohunts

Methods
create POST /v1/{parent}/retrohunts
Create a Retrohunt.
get GET /v1/{name}
Get a Retrohunt.
list GET /v1/{parent}/retrohunts
List Retrohunts.

REST Resource: v1.projects.locations.instances.watchlists

Methods
create POST /v1/{parent}/watchlists
Creates a watchlist for the given instance.
delete DELETE /v1/{name}
Deletes the watchlist for the given instance.
get GET /v1/{name}
Gets watchlist details for the given watchlist ID.
list GET /v1/{parent}/watchlists
Lists all watchlists for the given instance.
patch PATCH /v1/{watchlist.name}
Updates the watchlist for the given instance.