Chronicle API

The Google Cloud Security Operations API (Chronicle API) provides endpoints that help analysts investigate and mitigate security threats throughout their lifecycle.

Service: chronicle.googleapis.com

Service endpoint

A service endpoint is the base URL that specifies the network address of an API service. A single service can have multiple service endpoints. Chronicle is a regional service and only supports regional endpoints. Requests sent to the global chronicle.googleapis.com endpoint will fail with a `404` error. To find your regional endpoint, see Regional service endpoint.

Regional service endpoint

A regional service endpoint is a base URL that specifies the network address of an API service in a single region. A service that is available in multiple regions might have multiple regional endpoints. Select a location to see its regional service endpoint for this service.


  • https://chronicle.africa-south1.rep.googleapis.com

    • REST Resource: v1beta.projects.locations.instances

    Methods
    generateCollectionAgentAuth POST /v1beta/{name}:generateCollectionAgentAuth
    GenerateCollectionAgentAuth generates an auth json file for the collection agent.
    get GET /v1beta/{name}
    Gets a Instance.
    getThreatCollectionFilterSet GET /v1beta/{name}
    Get the set of threat collection filter options.
    submitResponseFeedback POST /v1beta/{instance}:submitResponseFeedback
    Submits user feedback for a specific platform interaction or feature.

    REST Resource: v1beta.projects.locations.instances.alertGroupingRules

    Methods
    create POST /v1beta/{parent}/alertGroupingRules
    Creates a new alert grouping rule.
    delete DELETE /v1beta/{name}
    Deletes an alert grouping rule.
    get GET /v1beta/{name}
    Gets an alert grouping rule.
    list GET /v1beta/{parent}/alertGroupingRules
    Lists alert grouping rules.
    patch PATCH /v1beta/{alertGroupingRule.name}
    Updates an existing alert grouping rule.

    REST Resource: v1beta.projects.locations.instances.announcements

    Methods
    create POST /v1beta/{parent}/announcements
    Create an Announcement.
    delete DELETE /v1beta/{name}
    Delete an Announcement.
    get GET /v1beta/{name}
    Get an Announcement.
    list GET /v1beta/{parent}/announcements
    List page of Announcements.
    patch PATCH /v1beta/{announcement.name}
    Update an Announcement.

    REST Resource: v1beta.projects.locations.instances.caseCloseDefinitions

    Methods
    create POST /v1beta/{parent}/caseCloseDefinitions
    Creates a new CaseCloseDefinition.
    delete DELETE /v1beta/{name}
    Deletes a CaseCloseDefinition.
    get GET /v1beta/{name}
    Gets a single CaseCloseDefinition by its resource name.
    list GET /v1beta/{parent}/caseCloseDefinitions
    Lists all CaseCloseDefinitions.
    patch PATCH /v1beta/{caseCloseDefinition.name}
    Updates an existing CaseCloseDefinition.

    REST Resource: v1beta.projects.locations.instances.caseQueueFilters

    Methods
    create POST /v1beta/{parent}/caseQueueFilters
    Creates a new CaseQueueFilter.
    delete DELETE /v1beta/{name}
    Deletes a CaseQueueFilter.
    get GET /v1beta/{name}
    Gets a single CaseQueueFilter by its resource name.
    getShareConfig GET /v1beta/{name}
    Gets the ShareConfig for a specific CaseQueueFilter.
    list GET /v1beta/{parent}/caseQueueFilters
    Lists CaseQueueFilters available to the user.
    patch PATCH /v1beta/{caseQueueFilter.name}
    Updates an existing CaseQueueFilter.
    updateShareConfig PATCH /v1beta/{shareConfig.name}
    Updates the ShareConfig for a specific CaseQueueFilter.

    REST Resource: v1beta.projects.locations.instances.caseStageDefinitions

    Methods
    create POST /v1beta/{parent}/caseStageDefinitions
    Creates a new CaseStageDefinition.
    delete DELETE /v1beta/{name}
    Deletes a CaseStageDefinition.
    get GET /v1beta/{name}
    Gets a single CaseStageDefinition by its resource name.
    list GET /v1beta/{parent}/caseStageDefinitions
    Lists all CaseStageDefinitions available in the instance.
    patch PATCH /v1beta/{caseStageDefinition.name}
    Updates an existing CaseStageDefinition.

    REST Resource: v1beta.projects.locations.instances.caseTagDefinitions

    Methods
    create POST /v1beta/{parent}/caseTagDefinitions
    Creates a new CaseTagDefinition.
    delete DELETE /v1beta/{name}
    Deletes a CaseTagDefinition.
    get GET /v1beta/{name}
    Gets a single CaseTagDefinition by its resource name.
    import POST /v1beta/{parent}/caseTagDefinitions:import
    Imports CaseTagDefinitions from a CSV file.
    list GET /v1beta/{parent}/caseTagDefinitions
    Lists all CaseTagDefinitions available in the instance.
    patch PATCH /v1beta/{caseTagDefinition.name}
    Updates an existing CaseTagDefinition.

    REST Resource: v1beta.projects.locations.instances.cases

    Methods
    addTag POST /v1beta/{name}:addTag
    Adds a tag to a Case.
    createInsight POST /v1beta/{name}:createInsight
    Adds an insight to a Case.
    executeBulkAddTag POST /v1beta/{parent}/cases:executeBulkAddTag
    Adds a tag to multiple cases in a single operation.
    executeBulkAssign POST /v1beta/{parent}/cases:executeBulkAssign
    Assigns multiple cases to a specific analyst or SOC role in bulk.
    executeBulkChangePriority POST /v1beta/{parent}/cases:executeBulkChangePriority
    Changes the priority level for multiple cases in bulk.
    executeBulkChangeStage POST /v1beta/{parent}/cases:executeBulkChangeStage
    Updates the case stage for multiple cases in bulk.
    executeBulkClose POST /v1beta/{parent}/cases:executeBulkClose
    Closes multiple cases in a single operation.
    executeBulkReopen POST /v1beta/{parent}/cases:executeBulkReopen
    Reopens multiple previously closed cases in a single operation.
    generateReport POST /v1beta/{name}:generateReport
    Generates a report for a Case in a specified format (e.g., PDF, HTML).
    get GET /v1beta/{name}
    Gets a single Case by its resource name.
    getCaseOverviewData GET /v1beta/{name}:caseOverviewData
    Retrieves the case view metadaata.
    list GET /v1beta/{parent}/cases
    Lists Cases in an instance.
    merge POST /v1beta/{parent}/cases:merge
    Merges one or more cases into a single destination case.
    patch PATCH /v1beta/{case.name}
    Updates an existing Case.
    pauseSla POST /v1beta/{name}:pauseSla
    Pauses the Service Level Agreement (SLA) timer for a specific Case.
    removeTag POST /v1beta/{name}:removeTag
    Removes a tag from a Case.
    resolveOverviewWidget GET /v1beta/{name}:resolveOverviewWidget
    Resolves updated data for a specific case overview widget.
    resumeSla POST /v1beta/{name}:resumeSla
    Resumes a previously paused SLA timer for a Case.

    REST Resource: v1beta.projects.locations.instances.cases.alerts.customFieldValues

    Methods
    batchUpdate POST /v1beta/{parent}/customFieldValues:batchUpdate
    Performs a bulk update of multiple custom field values in a single operation.
    get GET /v1beta/{name}
    Gets a single custom field value by its resource name.
    list GET /v1beta/{parent}/customFieldValues
    Lists all custom field values for a specific case or alert.
    patch PATCH /v1beta/{customFieldValue.name}
    Updates (or creates if not present) the value of a custom field.

    REST Resource: v1beta.projects.locations.instances.cases.caseAlerts

    Methods
    createRecommendationLongRunning POST /v1beta/{parent}:createRecommendationLongRunning
    Initiates an asynchronous request to generate a new AI recommendation for an alert.
    fetchRecommendation GET /v1beta/{parent}/caseAlerts:fetchRecommendation
    Fetches a previously generated AI-driven recommendation for an alert.
    get GET /v1beta/{name}
    Gets a single CaseAlert.
    getAlertOverviewData GET /v1beta/{name}:alertOverviewData
    Retrieves a view of widgets for a specific alert.
    list GET /v1beta/{parent}/caseAlerts
    Lists CaseAlerts within a specific Case.
    move POST /v1beta/{name}:move
    Moves a CaseAlert to a different Case.
    patch PATCH /v1beta/{caseAlert.name}
    Updates an existing CaseAlert.
    pauseSla POST /v1beta/{name}:pauseSla
    Pauses the SLA timer for a CaseAlert.
    resolveOverviewWidget GET /v1beta/{name}:resolveOverviewWidget
    Resolves the data for a specific alert overview widget.
    resumeSla POST /v1beta/{name}:resumeSla
    Resumes a previously paused SLA timer for a CaseAlert.
    setSla POST /v1beta/{name}:setSla
    Sets the Service Level Agreement (SLA) for a specific CaseAlert.

    REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.connectorEvents

    Methods
    get GET /v1beta/{name}
    Get a ConnectorEvent.
    getFormatted GET /v1beta/{parent}/connectorEvents:formatted
    Get a formatted ConnectorEvents for a given case/alert.
    list GET /v1beta/{parent}/connectorEvents
    List page of ConnectorEvents.

    REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.contextProperties

    Methods
    clearAll POST /v1beta/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1beta/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1beta/{name}
    Deletes a specific context property.
    get GET /v1beta/{name}
    Gets a single context property by its resource name.
    list GET /v1beta/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1beta/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1beta.projects.locations.instances.cases.caseAlerts.involvedEntities

    Methods
    addProperty POST /v1beta/{name}:addProperty
    Adds a new custom property to an InvolvedEntity.
    create POST /v1beta/{parent}/involvedEntities
    Manually adds a new InvolvedEntity to a case and alert.
    fetchCards GET /v1beta/{parent}/involvedEntities:fetchCards
    Returns metadate of each involved entity in a specific alert, including their connectivity and high-level status.
    get GET /v1beta/{name}
    Gets a single InvolvedEntity by its resource name.
    list GET /v1beta/{parent}/involvedEntities
    Lists all InvolvedEntities associated with a specific case and alert.
    patch PATCH /v1beta/{involvedEntity.name}
    Updates an existing InvolvedEntity.
    updateProperty POST /v1beta/{name}:updateProperty
    Updates the value of an existing custom property on an InvolvedEntity.

    REST Resource: v1beta.projects.locations.instances.cases.caseComments

    Methods
    create POST /v1beta/{parent}/caseComments
    Creates a new CaseComment.
    delete DELETE /v1beta/{name}
    Performs a soft delete of a CaseComment.
    get GET /v1beta/{name}
    Gets a single CaseComment by its resource name.
    list GET /v1beta/{parent}/caseComments
    Lists CaseComments associated with a specific Case.
    patch PATCH /v1beta/{caseComment.name}
    Updates an existing CaseComment.

    REST Resource: v1beta.projects.locations.instances.cases.caseWallRecords

    Methods
    favorite PATCH /v1beta/{favoriteRequest.name}:favorite
    Sets or unsets (toggles) the favorite status of a wall record.
    fetchActivitiesCount GET /v1beta/{parent}/caseWallRecords:fetchActivitiesCount
    Returns the count of case activities, optionally filtered by type.
    get GET /v1beta/{name}
    Gets a single CaseWallRecord by its resource name.
    list GET /v1beta/{parent}/caseWallRecords
    Lists CaseWallRecords for a specific Case.

    REST Resource: v1beta.projects.locations.instances.cases.chatMessages

    Methods
    create POST /v1beta/{parent}/chatMessages
    Creates a Case-chat message.
    get GET /v1beta/{name}
    Gets a Case-chat message.
    list GET /v1beta/{parent}/chatMessages
    Lists all Case-chat messages for a given case.
    pinMessage POST /v1beta/{name}:pinMessage
    Pins a Case-chat message to the case wall.
    unpinMessage POST /v1beta/{name}:unpinMessage
    Unpins a Case-chat message from the case wall.
    unreadMessagesCount GET /v1beta/{parent}/chatMessages:unreadMessagesCount
    Gets the amount of unread messages for current user
    upload POST /v1beta/{parent}/chatMessages:createWithAttachment
    POST /upload/v1beta/{parent}/chatMessages:createWithAttachment
    Creates a Case-chat message with an attachment.

    REST Resource: v1beta.projects.locations.instances.cases.chatMessages.attachments

    Methods
    download GET /v1beta/{name}:download
    Downloads a Case-chat message attachment.

    REST Resource: v1beta.projects.locations.instances.cases.contextProperties

    Methods
    clearAll POST /v1beta/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1beta/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1beta/{name}
    Deletes a specific context property.
    get GET /v1beta/{name}
    Gets a single context property by its resource name.
    list GET /v1beta/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1beta/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1beta.projects.locations.instances.cases.customFieldValues

    Methods
    batchUpdate POST /v1beta/{parent}/customFieldValues:batchUpdate
    Performs a bulk update of multiple custom field values in a single operation.
    get GET /v1beta/{name}
    Gets a single custom field value by its resource name.
    list GET /v1beta/{parent}/customFieldValues
    Lists all custom field values for a specific case or alert.
    patch PATCH /v1beta/{customFieldValue.name}
    Updates (or creates if not present) the value of a custom field.

    REST Resource: v1beta.projects.locations.instances.contentHub.contentPacks

    Methods
    add POST /v1beta/{parent}/contentPacks:add
    Creates a new custom ContentPack.
    alignPlaybooks POST /v1beta/{name}:alignPlaybooks
    Aligns playbooks in a content pack with configured integration instances.
    delete DELETE /v1beta/{name}
    Deletes a specific ContentPack.
    deployConnectorInstances POST /v1beta/{name}:deployConnectorInstances
    Deploys connector instances from a content pack.
    deployPlaybooks POST /v1beta/{name}:deployPlaybooks
    Deploys playbooks contained within a content pack.
    deployTestCases POST /v1beta/{name}:deployTestCases
    Deploys test cases from a content pack into the SecOps instance.
    download GET /v1beta/{name}:exportPack
    Exports a content pack as a ZIP file.
    get GET /v1beta/{name}
    Gets a single ContentPack by its resource name.
    installIntegration POST /v1beta/{name}:installIntegration
    Installs a specific integration from a content pack.
    list GET /v1beta/{parent}/contentPacks
    Lists ContentPacks available in the Content Hub.
    markAsDeployed POST /v1beta/{name}:markAsDeployed
    Marks a content pack as fully deployed.
    upload POST /v1beta/{parent}/contentPacks:importPack
    POST /upload/v1beta/{parent}/contentPacks:importPack
    Imports a content pack from a ZIP file (up to 500MB).

    REST Resource: v1beta.projects.locations.instances.contextProperties

    Methods
    clearAll POST /v1beta/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1beta/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1beta/{name}
    Deletes a specific context property.
    get GET /v1beta/{name}
    Gets a single context property by its resource name.
    list GET /v1beta/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1beta/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1beta.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1beta/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1beta/{name}
    Deletes a data access label.
    get GET /v1beta/{name}
    Gets a data access label.
    list GET /v1beta/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1beta/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1beta.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1beta/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1beta/{name}
    Deletes a data access scope.
    get GET /v1beta/{name}
    Retrieves an existing data access scope.
    list GET /v1beta/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1beta/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1beta.projects.locations.instances.dynamicParameters

    Methods
    create POST /v1beta/{parent}/dynamicParameters
    Creates a new DynamicParameter.
    delete DELETE /v1beta/{name}
    Deletes a DynamicParameter.
    export POST /v1beta/{parent}/dynamicParameters:export
    Exports all DynamicParameters defined in the instance to a CSV file.
    get GET /v1beta/{name}
    Gets a single DynamicParameter by its resource name.
    import POST /v1beta/{parent}/dynamicParameters:import
    Imports DynamicParameters from a CSV file.
    list GET /v1beta/{parent}/dynamicParameters
    Lists all DynamicParameters defined in the instance.
    patch PATCH /v1beta/{dynamicParameter.name}
    Updates an existing DynamicParameter.

    REST Resource: v1beta.projects.locations.instances.emailTemplates

    Methods
    batchDelete POST /v1beta/{parent}/emailTemplates:batchDelete
    Batch delete email templates.
    create POST /v1beta/{parent}/emailTemplates
    Creates an EmailTemplate for a given instance.
    delete DELETE /v1beta/{name}
    Deletes an EmailTemplate for a given instance.
    export POST /v1beta/{parent}/emailTemplates:export
    Export email templates as file stream.
    get GET /v1beta/{name}
    Gets an EmailTemplate by name.
    import POST /v1beta/{parent}/emailTemplates:import
    Import email templates from file stream.
    list GET /v1beta/{parent}/emailTemplates
    Lists all EmailTemplates for a given instance.
    patch PATCH /v1beta/{emailTemplate.name}
    Updates an EmailTemplate for a given instance.

    REST Resource: v1beta.projects.locations.instances.entities

    Methods
    import POST /v1beta/{parent}/entities:import
    ImportEntities import the entities.

    REST Resource: v1beta.projects.locations.instances.entitiesBlocklists

    Methods
    create POST /v1beta/{parent}/entitiesBlocklists
    Create a EntitiesBlocklist.
    delete DELETE /v1beta/{name}
    Delete a EntitiesBlocklist.
    get GET /v1beta/{name}
    Get a EntitiesBlocklist.
    list GET /v1beta/{parent}/entitiesBlocklists
    List page of EntitiesBlocklists.
    patch PATCH /v1beta/{entitiesBlocklist.name}
    Update a EntitiesBlocklist.

    REST Resource: v1beta.projects.locations.instances.environmentGroups

    Methods
    create POST /v1beta/{parent}/environmentGroups
    Creates a new EnvironmentGroup.
    delete DELETE /v1beta/{name}
    Deletes a specific EnvironmentGroup.
    get GET /v1beta/{name}
    Gets a single EnvironmentGroup by its name.
    list GET /v1beta/{parent}/environmentGroups
    Lists all EnvironmentGroups available in the instance.
    patch PATCH /v1beta/{environmentGroup.name}
    Updates an existing EnvironmentGroup.

    REST Resource: v1beta.projects.locations.instances.environments

    Methods
    create POST /v1beta/{parent}/environments
    Creates a new Environment.
    delete DELETE /v1beta/{name}
    Deletes a specific Environment.
    get GET /v1beta/{name}
    Gets a single Environment by its resource name.
    list GET /v1beta/{parent}/environments
    Lists all Environments available in the instance.
    patch PATCH /v1beta/{environment.name}
    Updates an existing Environment.
    resetWeights POST /v1beta/{name}/environments:resetWeights
    Resets the resource distribution weights for all environments.

    REST Resource: v1beta.projects.locations.instances.events

    Methods
    import POST /v1beta/{parent}/events:import
    ImportEvents import the events.

    REST Resource: v1beta.projects.locations.instances.feedPacks

    Methods
    get GET /v1beta/{name}
    Gets a feed pack.
    list GET /v1beta/{parent}/feedPacks
    Lists Packs for which feeds can be configured.

    REST Resource: v1beta.projects.locations.instances.feedServiceAccounts

    Methods
    fetchServiceAccountForCustomer GET /v1beta/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
    Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

    REST Resource: v1beta.projects.locations.instances.feedSourceTypeSchemas

    Methods
    list GET /v1beta/{parent}/feedSourceTypeSchemas
    List all FeedSourceTypeSchemas.

    REST Resource: v1beta.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

    Methods
    list GET /v1beta/{parent}/logTypeSchemas
    List all LogTypeSchemas compatible with a given FeedSourceType.

    REST Resource: v1beta.projects.locations.instances.feeds

    Methods
    create POST /v1beta/{parent}/feeds
    Creates a feed.
    delete DELETE /v1beta/{name}
    Deletes a feed.
    disable POST /v1beta/{name}:disable
    Disable feed for ingestion.
    enable POST /v1beta/{name}:enable
    Enable feed for ingestion.
    generateSecret POST /v1beta/{name}:generateSecret
    Generates a new secret for https push feeds which do not support jwt tokens.
    get GET /v1beta/{name}
    Gets a feed.
    importPushLogs POST /v1beta/{parent}:importPushLogs
    Import logs coming from https push feeds.
    list GET /v1beta/{parent}/feeds
    Lists all feeds for the customer.
    patch PATCH /v1beta/{feed.name}
    Updates the full feed.

    REST Resource: v1beta.projects.locations.instances.formDynamicParameters

    Methods
    get GET /v1beta/{name}
    Gets a single FormDynamicParameter by its resource name.
    list GET /v1beta/{parent}/formDynamicParameters
    Lists all FormDynamicParameters defined in the instance.
    saveForm POST /v1beta/{parent}/formDynamicParameters:saveForm
    Saves the complete set of dynamic parameters for a specific form type.

    REST Resource: v1beta.projects.locations.instances.forwarders

    Methods
    create POST /v1beta/{parent}/forwarders
    Create a forwarder.
    delete DELETE /v1beta/{name}
    Delete a forwarder by forwarder ID.
    generateForwarderFiles GET /v1beta/{name}:generateForwarderFiles
    Generates a forwarder's configuration files.
    get GET /v1beta/{name}
    Get a forwarder by forwarder ID.
    importStatsEvents POST /v1beta/{name}:importStatsEvents
    ImportStatsEvents imports stats events from a forwarder.
    list GET /v1beta/{parent}/forwarders
    List all forwarders for the instance.
    patch PATCH /v1beta/{forwarder.name}
    Update a forwarder.

    REST Resource: v1beta.projects.locations.instances.forwarders.collectors

    Methods
    create POST /v1beta/{parent}/collectors
    Create a collector.
    delete DELETE /v1beta/{name}
    Delete a collector by collector ID.
    get GET /v1beta/{name}
    Get a collector by collector ID.
    list GET /v1beta/{parent}/collectors
    List all collectors for the forwarder.
    patch PATCH /v1beta/{collector.name}
    Update a collector.

    REST Resource: v1beta.projects.locations.instances.integrations

    Methods
    create POST /v1beta/{parent}/integrations
    Creates a new custom SOAR Integration.
    delete DELETE /v1beta/{name}
    Deletes a specific custom Integration.
    download GET /v1beta/{name}:export
    Exports the entire integration package as a ZIP file.
    downloadDependency POST /v1beta/{name}:downloadDependency
    Initiates the download of a Python dependency (e.g., a library from PyPI) for a custom integration.
    exportIntegrationItems GET /v1beta/{name}:exportItems
    Exports specific items from an integration into a ZIP folder.
    fetchAffectedItems GET /v1beta/{name}:fetchAffectedItems
    Identifies all system items (e.g., connector instances, job instances, playbooks) that would be affected by a change to or deletion of this integration.
    fetchAgentIntegrations GET /v1beta/{parent}:fetchAgentIntegrations
    Returns the set of integrations currently installed and configured on a specific agent.
    fetchCommercialDiff GET /v1beta/{name}:fetchCommercialDiff
    Returns the difference between the current integration and its matching commercial version in the Marketplace.
    fetchDependencies GET /v1beta/{name}:fetchDependencies
    Returns the complete list of Python dependencies currently associated with a custom integration.
    fetchRestrictedAgents GET /v1beta/{name}:fetchRestrictedAgents
    Identifies remote agents that would be restricted from running an updated version of the integration, typically due to environment incompatibilities like unsupported Python versions.
    get GET /v1beta/{name}
    Gets a single Integration by its resource name.
    getFetchProductionDiff GET /v1beta/{name}:fetchProductionDiff
    Returns the difference between the staging integration and its matching production version.
    getFetchStagingDiff GET /v1beta/{name}:fetchStagingDiff
    Returns the difference between the production integration and its corresponding staging version.
    import POST /v1beta/{parent}/integrations:import
    POST /upload/v1beta/{parent}/integrations:import
    Imports a complete integration package from a ZIP file (up to 500MB).
    importIntegrationDependency POST /v1beta/{name}:uploadDependency
    POST /upload/v1beta/{name}:uploadDependency
    Uploads a raw dependency file (e.g., a wheel file or binary) to an existing custom integration.
    importIntegrationItems POST /v1beta/{name}:importItems
    POST /upload/v1beta/{name}:importItems
    Imports individual integration items (actions, jobs, connectors, etc.) from a ZIP file into an existing custom integration.
    list GET /v1beta/{parent}/integrations
    Lists all Integrations installed in the instance.
    patch PATCH /v1beta/{integration.name}
    Updates an existing Integration's metadata.
    pushToProduction POST /v1beta/{name}:pushToProduction
    Transitions an integration from staging to production mode.
    pushToStaging POST /v1beta/{name}:pushToStaging
    Transitions an integration from production back to staging mode.
    updateCustomIntegration POST /v1beta/{updateCustomIntegrationPayload.integration.name}:updateCustomIntegration
    Updates a custom integration definition, including its parameters and dependencies.
    upload POST /v1beta/{parent}/integrations:extractIntegrationDetails
    POST /upload/v1beta/{parent}/integrations:extractIntegrationDetails
    Parses an integration ZIP file and returns its constituent items and metadata without importing it.

    REST Resource: v1beta.projects.locations.instances.integrations.actions

    Methods
    create POST /v1beta/{parent}/actions
    Creates a new custom IntegrationAction within an integration.
    delete DELETE /v1beta/{name}
    Deletes a specific custom IntegrationAction.
    executeTest POST /v1beta/{parent}/actions:executeTest
    Executes a test run of an action's script.
    fetchActionsByEnvironment GET /v1beta/{parent}/actions:fetchActionsByEnvironment
    Lists actions that are executable within specified environments.
    fetchTemplate GET /v1beta/{parent}/actions:fetchTemplate
    Retrieves a default Python script template for a new integration action.
    get GET /v1beta/{name}
    Gets a single IntegrationAction.
    list GET /v1beta/{parent}/actions
    Lists all IntegrationActions for a specific integration.
    patch PATCH /v1beta/{integrationAction.name}
    Updates an existing IntegrationAction.

    REST Resource: v1beta.projects.locations.instances.integrations.actions.revisions

    Methods
    create POST /v1beta/{parent}/revisions
    CreateActionRevision creates a new action revision.
    delete DELETE /v1beta/{name}
    DeleteActionRevision deletes an action revision.
    list GET /v1beta/{parent}/revisions
    List all revisions of an action.
    rollback POST /v1beta/{name}:rollback
    RollbackIntegrationActionRevision rolls back the action definition to a saved revision.

    REST Resource: v1beta.projects.locations.instances.integrations.connectors

    Methods
    create POST /v1beta/{parent}/connectors
    Creates a new custom IntegrationConnector.
    delete DELETE /v1beta/{name}
    Deletes a specific custom IntegrationConnector.
    executeTest POST /v1beta/{parent}/connectors:executeTest
    Executes a test run of a connector's Python script.
    fetchTemplate GET /v1beta/{parent}/connectors:fetchTemplate
    Returns a default Python script template for an integration connector.
    get GET /v1beta/{name}
    Gets a single IntegrationConnector by its resource name.
    list GET /v1beta/{parent}/connectors
    Lists all IntegrationConnectors defined for a specific integration.
    patch PATCH /v1beta/{integrationConnector.name}
    Updates an existing custom IntegrationConnector.

    REST Resource: v1beta.projects.locations.instances.integrations.connectors.connectorInstances

    Methods
    create POST /v1beta/{parent}/connectorInstances
    Creates a new ConnectorInstance based on a connector definition.
    delete DELETE /v1beta/{name}
    Deletes a ConnectorInstance.
    fetchLatestDefinition GET /v1beta/{parent}:fetchLatestDefinition
    Refreshes a connector instance with the latest definition from the integration.
    get GET /v1beta/{name}
    Gets a single ConnectorInstance by its resource name.
    list GET /v1beta/{parent}/connectorInstances
    Lists ConnectorInstances for a specific connector definition.
    patch PATCH /v1beta/{connectorInstance.name}
    Updates an existing ConnectorInstance.
    runOnDemand POST /v1beta/{name}:runOnDemand
    Triggers an immediate, single execution of the connector.
    setLogsCollection POST /v1beta/{name}:setLogsCollection
    Enables or disables debug log collection for a connector instance.

    REST Resource: v1beta.projects.locations.instances.integrations.connectors.connectorInstances.logs

    Methods
    get GET /v1beta/{name}
    Get a single ConnectorInstanceLog.
    list GET /v1beta/{parent}/logs
    List all ConnectorInstanceLogs for a given ConnectorInstance.

    REST Resource: v1beta.projects.locations.instances.integrations.connectors.contextProperties

    Methods
    clearAll POST /v1beta/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1beta/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1beta/{name}
    Deletes a specific context property.
    get GET /v1beta/{name}
    Gets a single context property by its resource name.
    list GET /v1beta/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1beta/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1beta.projects.locations.instances.integrations.connectors.revisions

    Methods
    create POST /v1beta/{parent}/revisions
    Creates a new snapshot (revision) of the current connector definition.
    delete DELETE /v1beta/{name}
    Deletes a specific connector revision.
    list GET /v1beta/{parent}/revisions
    Lists all saved revisions of a specific connector.
    rollback POST /v1beta/{name}:rollback
    Restores the connector definition to the state captured in a specific revision.

    REST Resource: v1beta.projects.locations.instances.integrations.integrationInstances

    Methods
    create POST /v1beta/{parent}/integrationInstances
    Creates a new IntegrationInstance.
    delete DELETE /v1beta/{name}
    Deletes a specific IntegrationInstance.
    executeTest POST /v1beta/{name}:executeTest
    Executes a connectivity test ("ping") for a specific integration instance.
    fetchAffectedItems GET /v1beta/{name}:fetchAffectedItems
    Lists all playbooks that depend on a specific integration instance.
    fetchDefaultInstance GET /v1beta/{parent}/integrationInstances:fetchDefaultInstance
    Returns the system default configuration for a specific integration.
    get GET /v1beta/{name}
    Gets a single IntegrationInstance by its resource name.
    list GET /v1beta/{parent}/integrationInstances
    Lists all IntegrationInstances for a specific integration.
    patch PATCH /v1beta/{integrationInstance.name}
    Updates an existing IntegrationInstance.

    REST Resource: v1beta.projects.locations.instances.integrations.jobs

    Methods
    create POST /v1beta/{parent}/jobs
    Creates a new custom IntegrationJob.
    delete DELETE /v1beta/{name}
    Deletes a specific custom IntegrationJob.
    executeTest POST /v1beta/{parent}/jobs:executeTest
    Executes a test run of a `IntegrationJob's Python script.
    fetchTemplate GET /v1beta/{parent}/jobs:fetchTemplate
    Returns a default Python script template for an IntegrationJob.
    get GET /v1beta/{name}
    Gets a single IntegrationJob by its resource name.
    list GET /v1beta/{parent}/jobs
    Lists all IntegrationJobs defined for a specific integration.
    patch PATCH /v1beta/{integrationJob.name}
    Updates an existing custom IntegrationJob.

    REST Resource: v1beta.projects.locations.instances.integrations.jobs.contextProperties

    Methods
    clearAll POST /v1beta/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1beta/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1beta/{name}
    Deletes a specific context property.
    get GET /v1beta/{name}
    Gets a single context property by its resource name.
    list GET /v1beta/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1beta/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1beta.projects.locations.instances.integrations.jobs.jobInstances

    Methods
    create POST /v1beta/{parent}/jobInstances
    Creates a new IntegrationJobInstance from a job definition.
    delete DELETE /v1beta/{name}
    Deletes a specific IntegrationJobInstance.
    get GET /v1beta/{name}
    Gets a single IntegrationJobInstance by its resource name.
    list GET /v1beta/{parent}/jobInstances
    Lists all IntegrationJobInstances for a specific job definition.
    patch PATCH /v1beta/{integrationJobInstance.name}
    Updates an existing IntegrationJobInstance.
    runOnDemand POST /v1beta/{name}:runOnDemand
    Executes a scheduled background job immediately and only once, bypassing the normal schedule.

    REST Resource: v1beta.projects.locations.instances.integrations.jobs.jobInstances.logs

    Methods
    get GET /v1beta/{name}
    Get a single IntegrationJobInstanceLog.
    list GET /v1beta/{parent}/logs
    List all IntegrationJobInstanceLogs for a given IntegrationJobInstance.

    REST Resource: v1beta.projects.locations.instances.integrations.jobs.revisions

    Methods
    create POST /v1beta/{parent}/revisions
    Creates a new saved revision (snapshot) of the current job definition.
    delete DELETE /v1beta/{name}
    Deletes a specific job revision.
    list GET /v1beta/{parent}/revisions
    Lists all historical revisions for a specific background job.
    rollback POST /v1beta/{name}:rollback
    Reverts the current background security job definition to a previously saved revision.

    REST Resource: v1beta.projects.locations.instances.integrations.managers

    Methods
    create POST /v1beta/{parent}/managers
    Creates a new custom IntegrationManager.
    delete DELETE /v1beta/{name}
    Deletes a specific custom IntegrationManager.
    fetchTemplate GET /v1beta/{parent}/managers:fetchTemplate
    Returns a default recommended Python script template for an integration manager.
    get GET /v1beta/{name}
    Gets a single IntegrationManager by its resource name.
    list GET /v1beta/{parent}/managers
    Lists all IntegrationManagers defined for a specific integration.
    patch PATCH /v1beta/{integrationManager.name}
    Updates an existing custom IntegrationManager.

    REST Resource: v1beta.projects.locations.instances.integrations.managers.revisions

    Methods
    create POST /v1beta/{parent}/revisions
    Creates a new saved revision (snapshot) of the current manager.
    delete DELETE /v1beta/{name}
    Deletes a specific manager revision.
    get GET /v1beta/{name}
    Gets a single IntegrationManagerRevision by its resource name.
    list GET /v1beta/{parent}/revisions
    Lists all revisions for a specific manager.
    rollback POST /v1beta/{name}:rollback
    Reverts the current manager definition to a previously saved revision.

    REST Resource: v1beta.projects.locations.instances.labsExperiments

    Methods
    execute POST /v1beta/{parent}:execute
    Executes a LabsExperiment.
    get GET /v1beta/{name}
    Gets a LabExperiment.
    list GET /v1beta/{parent}/labsExperiments
    Lists LabsExperiments.
    patch PATCH /v1beta/{labsExperiment.name}
    Update a LabsExperiment.

    REST Resource: v1beta.projects.locations.instances.labsExperiments.executions

    Methods
    get GET /v1beta/{name}
    Retrieves a specific LabsExperimentExecution resource.
    list GET /v1beta/{parent}/executions
    Lists LabsExperimentExecution resources.
    patch PATCH /v1beta/{labsExperimentExecution.name}
    Updates a LabsExperimentExecution.

    REST Resource: v1beta.projects.locations.instances.legacySoarUsers

    Methods
    getLocalization GET /v1beta/{name}
    Gets the localization settings for a specific user.
    getNotificationSettings GET /v1beta/{name}
    Gets the notification settings for a specific user.
    updateLocalization PATCH /v1beta/{userLocalization.name}
    Updates the localization settings for a specific user.
    updateNotificationSettings PATCH /v1beta/{notificationSettings.name}
    Updates the notification settings for a specific user.

    REST Resource: v1beta.projects.locations.instances.legacySoarUsers.attachments

    Methods
    delete DELETE /v1beta/{name}
    Deletes an Attachment.
    download GET /v1beta/{name}:download
    Exports (downloads) an Attachment's raw content.
    get GET /v1beta/{name}
    Gets a single Attachment by its resource name.
    list GET /v1beta/{parent}/attachments
    Lists Attachments belonging to a specific user.
    upload POST /v1beta/{parent}/attachments:create
    POST /upload/v1beta/{parent}/attachments:create
    Creates a new Attachment by uploading a file.

    REST Resource: v1beta.projects.locations.instances.legacySoarUsers.userNotifications

    Methods
    count GET /v1beta/{parent}/userNotifications:count
    Counts UserNotifications for a given user.
    get GET /v1beta/{name}
    Get a User UserNotification.
    list GET /v1beta/{parent}/userNotifications
    Lists User Notifications.
    markAsRead POST /v1beta/{parent}/userNotifications:markAsRead
    Marks UserNotification as read.

    REST Resource: v1beta.projects.locations.instances.legacySoarUsers.workdeskContacts

    Methods
    create POST /v1beta/{parent}/workdeskContacts
    Create a WorkdeskContact.
    delete DELETE /v1beta/{name}
    Delete a WorkdeskContact.
    get GET /v1beta/{name}
    Get a SOAR WorkdeskContact.
    list GET /v1beta/{parent}/workdeskContacts
    Lists SOAR workdeskContacts.
    patch PATCH /v1beta/{workdeskContact.name}
    Update a WorkdeskContact.

    REST Resource: v1beta.projects.locations.instances.legacySoarUsers.workdeskNotes

    Methods
    create POST /v1beta/{parent}/workdeskNotes
    Create a WorkdeskNote.
    delete DELETE /v1beta/{name}
    Delete a WorkdeskNote.
    get GET /v1beta/{name}
    Get a SOAR WorkdeskNote.
    list GET /v1beta/{parent}/workdeskNotes
    Lists SOAR WorkdeskNotes.
    patch PATCH /v1beta/{workdeskNote.name}
    Update a WorkdeskNote.

    REST Resource: v1beta.projects.locations.instances.logTypes

    Methods
    list GET /v1beta/{parent}/logTypes
    Lists all LogTypes.

    REST Resource: v1beta.projects.locations.instances.logTypes.logs

    Methods
    import POST /v1beta/{parent}/logs:import
    Import log telemetry.

    REST Resource: v1beta.projects.locations.instances.marketplaceIntegrations

    Methods
    fetchCommercialDiff GET /v1beta/{name}:fetchCommercialDiff
    Retrieves the differences between the currently installed version of an integration and the commercial version available in the marketplace.
    get GET /v1beta/{name}
    Retrieves detailed metadata for a specific marketplace integration identified by its resource name.
    install POST /v1beta/{parent}:install
    Installs a specific version of a marketplace integration into a SecOps instance.
    list GET /v1beta/{parent}/marketplaceIntegrations
    Returns a paginated list of integrations available in the SecOps Marketplace.
    uninstall POST /v1beta/{name}:uninstall
    Uninstalls a previously installed marketplace integration, removing its components and configuration from the SecOps instance.

    REST Resource: v1beta.projects.locations.instances.moduleSettings

    Methods
    get GET /v1beta/{name}
    Gets a single ModuleSettings resource.
    list GET /v1beta/{parent}/moduleSettings
    Lists available ModuleSettings resources.
    rebrandingSettings GET /v1beta/{parent}/moduleSettings:rebrandingSettings
    Retrieves the branding and visual customization settings for the SecOps platform.

    REST Resource: v1beta.projects.locations.instances.moduleSettings.properties

    Methods
    batchUpdate POST /v1beta/{parent}/properties:batchUpdate
    Updates multiple properties within a single module.
    get GET /v1beta/{name}
    Gets a single ModuleSettingsProperty.
    list GET /v1beta/{parent}/properties
    Lists all properties of a given module setting.
    patch PATCH /v1beta/{moduleSettingsProperty.name}
    Updates a single property of a module setting.
    testSettings POST /v1beta/{parent}/properties:testSettings
    Tests the provided configuration properties.

    REST Resource: v1beta.projects.locations.instances.ontologyRecords.visualFamilies

    Methods
    create POST /v1beta/{parent}/visualFamilies
    Creates a new VisualFamily.
    delete DELETE /v1beta/{name}
    Deletes a VisualFamily.
    export POST /v1beta/{parent}/visualFamilies:export
    Exports VisualFamilies.
    get GET /v1beta/{name}
    Gets a VisualFamily.
    import POST /v1beta/{parent}/visualFamilies:import
    Imports VisualFamilies.
    list GET /v1beta/{parent}/visualFamilies
    Lists VisualFamilies in a given ontology record.
    patch PATCH /v1beta/{visualFamily.name}
    Updates a VisualFamily.

    REST Resource: v1beta.projects.locations.instances.operations

    Methods
    cancel POST /v1beta/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1beta/{name}
    Deletes a long-running operation.
    get GET /v1beta/{name}
    Gets the latest state of a long-running operation.
    list GET /v1beta/{name}/operations
    Lists operations that match the specified filter in the request.

    REST Resource: v1beta.projects.locations.instances.propertySchemaDefinitions

    Methods
    create POST /v1beta/{parent}/propertySchemaDefinitions
    Create a PropertySchemaDefinition.
    delete DELETE /v1beta/{name}
    Delete a PropertySchemaDefinition.
    get GET /v1beta/{name}
    Get a PropertySchemaDefinition.
    list GET /v1beta/{parent}/propertySchemaDefinitions
    Lists PropertySchemaDefinitions.
    patch PATCH /v1beta/{propertySchemaDefinition.name}
    Update a PropertySchemaDefinition.

    REST Resource: v1beta.projects.locations.instances.referenceLists

    Methods
    create POST /v1beta/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1beta/{name}
    Gets a single reference list.
    list GET /v1beta/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1beta/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1beta.projects.locations.instances.remoteAgents

    Methods
    connectorValidRemoteAgents GET /v1beta/{parent}/remoteAgents:connectorValidRemoteAgents
    Lists all RemoteAgents that are valid and compatible with a specific connector.
    create POST /v1beta/{parent}/remoteAgents
    Creates a new RemoteAgent.
    delete DELETE /v1beta/{name}
    Deletes a RemoteAgent.
    fetchEditableRemoteAgents GET /v1beta/{parent}/remoteAgents:fetchEditableRemoteAgents
    Lists all RemoteAgents that the requesting user has permissions to edit.
    fetchInstallationCommand GET /v1beta/{name}:fetchInstallationCommand
    Retrieves the specific command string required to install a RemoteAgent.
    fetchInstallerFile GET /v1beta/{name}:fetchInstallerFile
    Retrieves a download link for the RemoteAgent's installer file.
    fetchRedeployStatus GET /v1beta/{name}:fetchRedeployStatus
    Returns the redeployment status for integrations on a RemoteAgent.
    fetchRemoteAgentsCompatibleWithJobs GET /v1beta/{parent}/remoteAgents:fetchRemoteAgentsCompatibleWithJobs
    Lists all RemoteAgents compatible with executing jobs for a specific integration.
    fetchRemoteAgentsInformation POST /v1beta/{parent}/remoteAgents:fetchRemoteAgentsInformation
    Retrieves detailed information for a list of RemoteAgents.
    get GET /v1beta/{name}
    Gets a single RemoteAgent.
    list GET /v1beta/{parent}/remoteAgents
    Lists RemoteAgents.
    migrateConnectors POST /v1beta/{name}:migrateConnectors
    Migrates legacy connectors on a RemoteAgent from remote to local scheduling.
    patch PATCH /v1beta/{remoteAgent.name}
    Updates an existing RemoteAgent.
    redeployRemoteAgent POST /v1beta/{parent}/remoteAgents:redeployRemoteAgent
    Redeploys configuration from one RemoteAgent to another.
    sendRemoteAgentInstaller POST /v1beta/{name}:sendRemoteAgentInstaller
    Sends the RemoteAgent installer via email.
    upgradeRemoteAgent POST /v1beta/{name}:upgradeRemoteAgent
    Upgrades a RemoteAgent to the latest available version.

    REST Resource: v1beta.projects.locations.instances.requestTemplates

    Methods
    create POST /v1beta/{parent}/requestTemplates
    Defines a new manual request form, specifying the input fields analysts must provide and how the data should be visually mapped in cases.
    delete DELETE /v1beta/{name}
    Permanently removes an obsolete manual request form from the system.
    get GET /v1beta/{name}
    Retrieves the definition of a manual request form, including its display fields, visual mapping, and associated environments.
    list GET /v1beta/{parent}/requestTemplates
    Lists all available manual request forms configured in the system.
    patch PATCH /v1beta/{requestTemplate.name}
    Modifies a manual request form's structure, such as adding or removing fields, or adjusting environment associations.

    REST Resource: v1beta.projects.locations.instances.rules

    Methods
    create POST /v1beta/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1beta/{name}
    Deletes a Rule.
    get GET /v1beta/{name}
    Gets a Rule.
    getDeployment GET /v1beta/{name}
    Gets a RuleDeployment.
    list GET /v1beta/{parent}/rules
    Lists Rules.
    listRevisions GET /v1beta/{name}:listRevisions
    Lists all revisions of the rule.
    patch PATCH /v1beta/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1beta/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1beta.projects.locations.instances.rules.deployments

    Methods
    list GET /v1beta/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1beta.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1beta/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1beta/{name}
    Get a Retrohunt.
    list GET /v1beta/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1beta.projects.locations.instances.slaDefinitions

    Methods
    create POST /v1beta/{parent}/slaDefinitions
    Creates a new SlaDefinition.
    delete DELETE /v1beta/{name}
    Deletes a SlaDefinition.
    export GET /v1beta/{parent}/slaDefinitions:export
    Exports all SlaDefinitions to a CSV file.
    get GET /v1beta/{name}
    Gets a single SlaDefinition.
    import POST /v1beta/{parent}/slaDefinitions:import
    Imports SlaDefinitions from a CSV file.
    list GET /v1beta/{parent}/slaDefinitions
    Lists all SlaDefinitions.
    patch PATCH /v1beta/{slaDefinition.name}
    Updates an existing SlaDefinition.

    REST Resource: v1beta.projects.locations.instances.soarDomains

    Methods
    create POST /v1beta/{parent}/soarDomains
    Create a SoarDomain.
    delete DELETE /v1beta/{name}
    Delete a SoarDomain.
    export GET /v1beta/{parent}/soarDomains:export
    Export SoarDomains.
    get GET /v1beta/{name}
    Get a SoarDomain.
    import POST /v1beta/{parent}/soarDomains:import
    Import SoarDomains.
    list GET /v1beta/{parent}/soarDomains
    Lists soar domains.
    patch PATCH /v1beta/{soarDomain.name}
    Update a SoarDomain.

    REST Resource: v1beta.projects.locations.instances.soarNetworks

    Methods
    create POST /v1beta/{parent}/soarNetworks
    Create a SoarNetwork.
    delete DELETE /v1beta/{name}
    Delete a SoarNetwork.
    deleteAll DELETE /v1beta/{parent}/soarNetworks:all
    Delete a SoarNetwork.
    export GET /v1beta/{parent}/soarNetworks:export
    Export SoarNetworks.
    get GET /v1beta/{name}
    Get a SoarNetwork.
    import POST /v1beta/{parent}/soarNetworks:import
    Import SoarNetworks.
    list GET /v1beta/{parent}/soarNetworks
    Lists SOAR SoarNetworks.
    patch PATCH /v1beta/{soarNetwork.name}
    Update a SoarNetwork.

    REST Resource: v1beta.projects.locations.instances.socRoles

    Methods
    create POST /v1beta/{parent}/socRoles
    Creates a SocRole.
    delete DELETE /v1beta/{name}
    Deletes a SocRole.
    get GET /v1beta/{name}
    Gets a SocRole.
    list GET /v1beta/{parent}/socRoles
    Lists SocRoles.
    patch PATCH /v1beta/{socRole.name}
    Updates a SocRole.

    REST Resource: v1beta.projects.locations.instances.systemNotifications

    Methods
    count GET /v1beta/{parent}/systemNotifications:count
    Counts SystemNotifications for a given user.
    get GET /v1beta/{name}
    Gets a SystemNotifications given a name.
    list GET /v1beta/{parent}/systemNotifications
    Lists SystemNotifications for a given user.
    markAsRead POST /v1beta/{parent}/systemNotifications:markAsRead
    Marks a list of SystemNotifications as read.

    REST Resource: v1beta.projects.locations.instances.tasks

    Methods
    create POST /v1beta/{parent}/tasks
    Create a Task.
    delete DELETE /v1beta/{name}
    Delete a Task.
    get GET /v1beta/{name}
    Get a Task.
    list GET /v1beta/{parent}/tasks
    Lists soar tasks.
    patch PATCH /v1beta/{task.name}
    Update a Task.

    REST Resource: v1beta.projects.locations.instances.threatCollections

    Methods
    fetchEntityMetadata GET /v1beta/{name}:fetchEntityMetadata
    Gets a list of entity metadata for a threat collection.
    fetchIocMatchMetadata GET /v1beta/{parent}/threatCollections:fetchIocMatchMetadata
    Gets a batch (list) of ioc match metadata for a list of threat collections.
    fetchRelated GET /v1beta/{parent}/threatCollections:fetchRelated
    List related threat collections for a threat artifact.
    get GET /v1beta/{name}
    Gets a threat collection by resource name.
    list GET /v1beta/{parent}/threatCollections
    Lists threat collections, which contain reports and tracked threat campaigns from Google Threat Intelligence.

    REST Resource: v1beta.projects.locations.instances.uniqueEntities

    Methods
    addNote POST /v1beta/{parent}/uniqueEntities:addNote
    Adds a comment or note to a unique entity.
    download GET /v1beta/{name}/uniqueEntities:generateReport
    Generates and downloads a report for a unique entity.
    fetchFull POST /v1beta/{parent}/uniqueEntities:fetchFull
    Fetches comprehensive information for a unique entity.
    get GET /v1beta/{name}
    Gets a specific unique entity.
    list GET /v1beta/{parent}/uniqueEntities
    Lists unique entities within a specific instance.
    patch PATCH /v1beta/{uniqueEntity.name}
    Updates properties of a unique entity.

    REST Resource: v1beta.projects.locations.instances.views

    Methods
    fetchPredefined GET /v1beta/{parent}/views:fetchPredefined
    Fetch predefined widgets coming from integations.
    get GET /v1beta/{name}
    Get a View.
    list GET /v1beta/{parent}/views
    List page of Views.
    saveOverviewTemplate POST /v1beta/{parent}/views:saveOverviewTemplate
    Save an overview template.

    REST Resource: v1beta.projects.locations.instances.watchlists

    Methods
    create POST /v1beta/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1beta/{name}
    Deletes the watchlist for the given instance.
    get GET /v1beta/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1beta/{parent}/watchlists
    Lists all watchlists for the given instance.
    patch PATCH /v1beta/{watchlist.name}
    Updates the watchlist for the given instance.

    REST Resource: v1beta.projects.locations.instances.webhooks

    Methods
    WebhookIngestion POST /v1beta/{name}:ingest
    Ingest data for a given webhook.
    create POST /v1beta/{parent}/webhooks
    Create a SOAR webhook configuration.
    delete DELETE /v1beta/{name}
    Delete a webhook.
    exportLogs POST /v1beta/{name}:exportLogs
    Exports logs for a given webhook.
    get GET /v1beta/{name}
    Get a single webhook.
    getLogs GET /v1beta/{name}:getLogs
    Get a log for a given webhook.
    getStatistics GET /v1beta/{name}:getStatistics
    Get statistics for a given webhook.
    list GET /v1beta/{parent}/webhooks
    Lists existing SOAR webhooks.
    patch PATCH /v1beta/{webhook.name}
    Update a webhook.
    revokeUrl POST /v1beta/{name}:revokeUrl
    RevokeUrl revokes a previously registered webhook URL, invalidating it and preventing further access.

    REST Resource: v1alpha.projects.locations.instances

    Methods
    batchValidateWatchlistEntities POST /v1alpha/{parent}:batchValidateWatchlistEntities
    Validates a batch of entities that could be added into watchlist under an instance.
    computeAllFindingsRefinementActivities POST /v1alpha/{instance}:computeAllFindingsRefinementActivities
    Returns findings refinement activity for all findings refinements.
    continuePocGraduation POST /v1alpha/{name}:continuePocGraduation
    ContinuePocGraduation verifies and proceeds graduation.
    countAllCuratedRuleSetDetections POST /v1alpha/{instance}:countAllCuratedRuleSetDetections
    Count detections across all curated rule sets.
    createFeedback POST /v1alpha/{instance}:createFeedback
    RPC to submit user feedback on content generated by AI services.
    delete DELETE /v1alpha/{name}
    DeleteInstance deletes an Instance.
    extractSyslog POST /v1alpha/{instance}:extractSyslog
    ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.
    fetchFederationAccess GET /v1alpha/{name}:fetchFederationAccess
    FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.
    findEntity GET /v1alpha/{instance}:findEntity
    Identifies the entity type and retrieves relevant data associated with a specified indicator.
    findEntityAlerts GET /v1alpha/{instance}:findEntityAlerts
    Get alerts for an entity
    findRelatedEntities GET /v1alpha/{instance}:findRelatedEntities
    Finds all the entities associated with provided entity.
    findUdmFieldValues GET /v1alpha/{instance}:findUdmFieldValues
    Finds ingested UDM field values that match a query.
    generateCollectionAgentAuth POST /v1alpha/{name}:generateCollectionAgentAuth
    GenerateCollectionAgentAuth generates an auth json file for the collection agent.
    generateSoarAuthJwt POST /v1alpha/{name}:generateSoarAuthJwt
    GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar.
    generateSoarChatMessage POST /v1alpha/{instance}:generateSoarChatMessage
    Generates an AI-driven chat response based on a specific security intent.
    generateUdmKeyValueMappings POST /v1alpha/{instance}:generateUdmKeyValueMappings
    GenerateUDMKeyValueMappings generates key value mapping of a raw log.
    generateWorkspaceConnectionToken POST /v1alpha/{name}:generateWorkspaceConnectionToken
    Generates a token that can be used to connect a workspace customer to a chronicle instance
    get GET /v1alpha/{name}
    Gets a Instance.
    getBigQueryExport GET /v1alpha/{name}
    Get the BigQuery export configuration for a Chronicle instance.
    getEnrichmentCombination GET /v1alpha/{name}
    Get the EnrichmentCombination.
    getMultitenantDirectory GET /v1alpha/{name}
    Gets the super and subtenants and gets the current tenant name.
    getRiskConfig GET /v1alpha/{name}
    Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.
    getThreatCollectionFilterSet GET /v1alpha/{name}
    Get the set of threat collection filter options.
    graduatePocInstance POST /v1alpha/{name}:graduatePocInstance
    GraduatePocInstance graduates an instance.
    legacyCaseFederationPlatforms GET /v1alpha/{parent}/legacyCaseFederationPlatforms
    Lists all LegacyCaseFederationPlatforms configured in the primary instance.
    legacySystemMetadata GET /v1alpha/{instance}/legacySystemMetadata
    Legacy Get System Metadata.
    listAllFindingsRefinementDeployments GET /v1alpha/{instance}:listAllFindingsRefinementDeployments
    Lists all findings refinement deployments.
    patch PATCH /v1alpha/{instance.name}
    Updates an Instance.
    queryProductSourceStats GET /v1alpha/{instance}:queryProductSourceStats
    Gets available product sources along with their stats.
    searchEntities GET /v1alpha/{instance}:searchEntities
    Identifies the entity type and retrieves relevant data associated with a specified indicator.
    searchRawLogs POST /v1alpha/{instance}:searchRawLogs
    Api to get events, entities, or unparsed raw logs matching the given raw log query.
    submitResponseFeedback POST /v1alpha/{instance}:submitResponseFeedback
    Submits user feedback for a specific platform interaction or feature.
    summarizeEntitiesFromQuery GET /v1alpha/{instance}:summarizeEntitiesFromQuery
    Parses the query and identifies the entities contained within the search query.
    summarizeEntity GET /v1alpha/{instance}:summarizeEntity
    Returns all entity data over specified time.
    testFindingsRefinement POST /v1alpha/{instance}:testFindingsRefinement
    Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.
    translateUdmQuery POST /v1alpha/{instance}:translateUdmQuery
    Translate natural language to a UDM Search query.
    translateYlRule POST /v1alpha/{instance}:translateYlRule
    Translate natural language to a Yara-L rule.
    udmSearch GET /v1alpha/{instance}:udmSearch
    Performs a UDM search that returns matching events for the query.
    undelete POST /v1alpha/{name}:undelete
    UndeleteInstance undeletes a soft-deleted Instance.
    updateBigQueryExport PATCH /v1alpha/{bigQueryExport.name}
    Update the BigQuery export configuration for a Chronicle instance.
    updateRiskConfig PATCH /v1alpha/{riskConfig.name}
    Updates RiskConfig used for the computation of Entity Risk Score.
    validateQuery GET /v1alpha/{instance}:validateQuery
    Validates UDM search query by compiling the query.
    verifyNonce POST /v1alpha/{name}:verifyNonce
    Verifies the nonce used to graduate an instance.
    verifyReferenceList POST /v1alpha/{instance}:verifyReferenceList
    VerifyReferenceList validates list content and returns line errors, if any.
    verifyRuleText POST /v1alpha/{instance}:verifyRuleText
    Verifies the given rule text.

    REST Resource: v1alpha.projects.locations.instances.alertGroupingRules

    Methods
    create POST /v1alpha/{parent}/alertGroupingRules
    Creates a new alert grouping rule.
    delete DELETE /v1alpha/{name}
    Deletes an alert grouping rule.
    get GET /v1alpha/{name}
    Gets an alert grouping rule.
    list GET /v1alpha/{parent}/alertGroupingRules
    Lists alert grouping rules.
    patch PATCH /v1alpha/{alertGroupingRule.name}
    Updates an existing alert grouping rule.

    REST Resource: v1alpha.projects.locations.instances.analytics

    Methods
    list GET /v1alpha/{parent}/analytics
    Lists all supported analytics for APIs which can filter by analytic type, such as ListAnalyticValues.

    REST Resource: v1alpha.projects.locations.instances.analytics.entities.analyticValues

    Methods
    list GET /v1alpha/{parent}/analyticValues
    Lists analytic values.

    REST Resource: v1alpha.projects.locations.instances.announcements

    Methods
    create POST /v1alpha/{parent}/announcements
    Create an Announcement.
    delete DELETE /v1alpha/{name}
    Delete an Announcement.
    get GET /v1alpha/{name}
    Get an Announcement.
    list GET /v1alpha/{parent}/announcements
    List page of Announcements.
    patch PATCH /v1alpha/{announcement.name}
    Update an Announcement.

    REST Resource: v1alpha.projects.locations.instances.bigQueryAccess

    Methods
    provide POST /v1alpha/{parent}/bigQueryAccess:provide
    Provide BigQuery access for the given email.

    REST Resource: v1alpha.projects.locations.instances.bigQueryExport

    Methods
    provision POST /v1alpha/{parent}/bigQueryExport:provision
    Provision the BigQuery export for a Chronicle instance.

    REST Resource: v1alpha.projects.locations.instances.caseCloseDefinitions

    Methods
    create POST /v1alpha/{parent}/caseCloseDefinitions
    Creates a new CaseCloseDefinition.
    delete DELETE /v1alpha/{name}
    Deletes a CaseCloseDefinition.
    get GET /v1alpha/{name}
    Gets a single CaseCloseDefinition by its resource name.
    list GET /v1alpha/{parent}/caseCloseDefinitions
    Lists all CaseCloseDefinitions.
    patch PATCH /v1alpha/{caseCloseDefinition.name}
    Updates an existing CaseCloseDefinition.

    REST Resource: v1alpha.projects.locations.instances.caseQueueFilters

    Methods
    create POST /v1alpha/{parent}/caseQueueFilters
    Creates a new CaseQueueFilter.
    delete DELETE /v1alpha/{name}
    Deletes a CaseQueueFilter.
    get GET /v1alpha/{name}
    Gets a single CaseQueueFilter by its resource name.
    getShareConfig GET /v1alpha/{name}
    Gets the ShareConfig for a specific CaseQueueFilter.
    list GET /v1alpha/{parent}/caseQueueFilters
    Lists CaseQueueFilters available to the user.
    patch PATCH /v1alpha/{caseQueueFilter.name}
    Updates an existing CaseQueueFilter.
    updateShareConfig PATCH /v1alpha/{shareConfig.name}
    Updates the ShareConfig for a specific CaseQueueFilter.

    REST Resource: v1alpha.projects.locations.instances.caseStageDefinitions

    Methods
    create POST /v1alpha/{parent}/caseStageDefinitions
    Creates a new CaseStageDefinition.
    delete DELETE /v1alpha/{name}
    Deletes a CaseStageDefinition.
    get GET /v1alpha/{name}
    Gets a single CaseStageDefinition by its resource name.
    list GET /v1alpha/{parent}/caseStageDefinitions
    Lists all CaseStageDefinitions available in the instance.
    patch PATCH /v1alpha/{caseStageDefinition.name}
    Updates an existing CaseStageDefinition.

    REST Resource: v1alpha.projects.locations.instances.caseTagDefinitions

    Methods
    create POST /v1alpha/{parent}/caseTagDefinitions
    Creates a new CaseTagDefinition.
    delete DELETE /v1alpha/{name}
    Deletes a CaseTagDefinition.
    get GET /v1alpha/{name}
    Gets a single CaseTagDefinition by its resource name.
    import POST /v1alpha/{parent}/caseTagDefinitions:import
    Imports CaseTagDefinitions from a CSV file.
    list GET /v1alpha/{parent}/caseTagDefinitions
    Lists all CaseTagDefinitions available in the instance.
    patch PATCH /v1alpha/{caseTagDefinition.name}
    Updates an existing CaseTagDefinition.

    REST Resource: v1alpha.projects.locations.instances.cases

    Methods
    addTag POST /v1alpha/{name}:addTag
    Adds a tag to a Case.
    countPriorities GET /v1alpha/{parent}/cases:countPriorities
    Returns counts of cases aggregated by priority for a given set of filters.
    createInsight POST /v1alpha/{name}:createInsight
    Adds an insight to a Case.
    executeBulkAddTag POST /v1alpha/{parent}/cases:executeBulkAddTag
    Adds a tag to multiple cases in a single operation.
    executeBulkAssign POST /v1alpha/{parent}/cases:executeBulkAssign
    Assigns multiple cases to a specific analyst or SOC role in bulk.
    executeBulkChangePriority POST /v1alpha/{parent}/cases:executeBulkChangePriority
    Changes the priority level for multiple cases in bulk.
    executeBulkChangeStage POST /v1alpha/{parent}/cases:executeBulkChangeStage
    Updates the case stage for multiple cases in bulk.
    executeBulkClose POST /v1alpha/{parent}/cases:executeBulkClose
    Closes multiple cases in a single operation.
    executeBulkReopen POST /v1alpha/{parent}/cases:executeBulkReopen
    Reopens multiple previously closed cases in a single operation.
    generateReport POST /v1alpha/{name}:generateReport
    Generates a report for a Case in a specified format (e.g., PDF, HTML).
    get GET /v1alpha/{name}
    Gets a single Case by its resource name.
    getCaseOverviewData GET /v1alpha/{name}:caseOverviewData
    Retrieves the case view metadaata.
    getOrCreateCaseSummary POST /v1alpha/{name}:getOrCreateCaseSummary
    Gets or initiates the creation of an AI-driven summary for a case.
    list GET /v1alpha/{parent}/cases
    Lists Cases in an instance.
    merge POST /v1alpha/{parent}/cases:merge
    Merges one or more cases into a single destination case.
    patch PATCH /v1alpha/{case.name}
    Updates an existing Case.
    pauseSla POST /v1alpha/{name}:pauseSla
    Pauses the Service Level Agreement (SLA) timer for a specific Case.
    removeTag POST /v1alpha/{name}:removeTag
    Removes a tag from a Case.
    resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
    Resolves updated data for a specific case overview widget.
    resumeSla POST /v1alpha/{name}:resumeSla
    Resumes a previously paused SLA timer for a Case.

    REST Resource: v1alpha.projects.locations.instances.cases.alerts.customFieldValues

    Methods
    batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
    Performs a bulk update of multiple custom field values in a single operation.
    get GET /v1alpha/{name}
    Gets a single custom field value by its resource name.
    list GET /v1alpha/{parent}/customFieldValues
    Lists all custom field values for a specific case or alert.
    patch PATCH /v1alpha/{customFieldValue.name}
    Updates (or creates if not present) the value of a custom field.

    REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts

    Methods
    addTag POST /v1alpha/{name}:addTag
    Add a case alert tag.
    createRecommendationLongRunning POST /v1alpha/{parent}:createRecommendationLongRunning
    Initiates an asynchronous request to generate a new AI recommendation for an alert.
    fetchRecommendation GET /v1alpha/{parent}/caseAlerts:fetchRecommendation
    Fetches a previously generated AI-driven recommendation for an alert.
    get GET /v1alpha/{name}
    Gets a single CaseAlert.
    getAlertOverviewData GET /v1alpha/{name}:alertOverviewData
    Retrieves a view of widgets for a specific alert.
    list GET /v1alpha/{parent}/caseAlerts
    Lists CaseAlerts within a specific Case.
    move POST /v1alpha/{name}:move
    Moves a CaseAlert to a different Case.
    patch PATCH /v1alpha/{caseAlert.name}
    Updates an existing CaseAlert.
    pauseSla POST /v1alpha/{name}:pauseSla
    Pauses the SLA timer for a CaseAlert.
    removeTag POST /v1alpha/{name}:removeTag
    Remove a case alert tag.
    resolveOverviewWidget GET /v1alpha/{name}:resolveOverviewWidget
    Resolves the data for a specific alert overview widget.
    resumeSla POST /v1alpha/{name}:resumeSla
    Resumes a previously paused SLA timer for a CaseAlert.
    setSla POST /v1alpha/{name}:setSla
    Sets the Service Level Agreement (SLA) for a specific CaseAlert.

    REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.connectorEvents

    Methods
    get GET /v1alpha/{name}
    Get a ConnectorEvent.
    getFormatted GET /v1alpha/{parent}/connectorEvents:formatted
    Get a formatted ConnectorEvents for a given case/alert.
    list GET /v1alpha/{parent}/connectorEvents
    List page of ConnectorEvents.

    REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.contextProperties

    Methods
    clearAll POST /v1alpha/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1alpha/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1alpha/{name}
    Deletes a specific context property.
    get GET /v1alpha/{name}
    Gets a single context property by its resource name.
    list GET /v1alpha/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1alpha/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1alpha.projects.locations.instances.cases.caseAlerts.involvedEntities

    Methods
    addProperty POST /v1alpha/{name}:addProperty
    Adds a new custom property to an InvolvedEntity.
    create POST /v1alpha/{parent}/involvedEntities
    Manually adds a new InvolvedEntity to a case and alert.
    fetchCards GET /v1alpha/{parent}/involvedEntities:fetchCards
    Returns metadate of each involved entity in a specific alert, including their connectivity and high-level status.
    get GET /v1alpha/{name}
    Gets a single InvolvedEntity by its resource name.
    list GET /v1alpha/{parent}/involvedEntities
    Lists all InvolvedEntities associated with a specific case and alert.
    patch PATCH /v1alpha/{involvedEntity.name}
    Updates an existing InvolvedEntity.
    updateProperty POST /v1alpha/{name}:updateProperty
    Updates the value of an existing custom property on an InvolvedEntity.

    REST Resource: v1alpha.projects.locations.instances.cases.caseComments

    Methods
    create POST /v1alpha/{parent}/caseComments
    Creates a new CaseComment.
    delete DELETE /v1alpha/{name}
    Performs a soft delete of a CaseComment.
    get GET /v1alpha/{name}
    Gets a single CaseComment by its resource name.
    list GET /v1alpha/{parent}/caseComments
    Lists CaseComments associated with a specific Case.
    patch PATCH /v1alpha/{caseComment.name}
    Updates an existing CaseComment.

    REST Resource: v1alpha.projects.locations.instances.cases.caseWallRecords

    Methods
    favorite PATCH /v1alpha/{favoriteRequest.name}:favorite
    Sets or unsets (toggles) the favorite status of a wall record.
    fetchActivitiesCount GET /v1alpha/{parent}/caseWallRecords:fetchActivitiesCount
    Returns the count of case activities, optionally filtered by type.
    get GET /v1alpha/{name}
    Gets a single CaseWallRecord by its resource name.
    list GET /v1alpha/{parent}/caseWallRecords
    Lists CaseWallRecords for a specific Case.

    REST Resource: v1alpha.projects.locations.instances.cases.chatMessages

    Methods
    create POST /v1alpha/{parent}/chatMessages
    Creates a Case-chat message.
    get GET /v1alpha/{name}
    Gets a Case-chat message.
    list GET /v1alpha/{parent}/chatMessages
    Lists all Case-chat messages for a given case.
    pinMessage POST /v1alpha/{name}:pinMessage
    Pins a Case-chat message to the case wall.
    unpinMessage POST /v1alpha/{name}:unpinMessage
    Unpins a Case-chat message from the case wall.
    unreadMessagesCount GET /v1alpha/{parent}/chatMessages:unreadMessagesCount
    Gets the amount of unread messages for current user
    upload POST /v1alpha/{parent}/chatMessages:createWithAttachment
    POST /upload/v1alpha/{parent}/chatMessages:createWithAttachment
    Creates a Case-chat message with an attachment.

    REST Resource: v1alpha.projects.locations.instances.cases.chatMessages.attachments

    Methods
    download GET /v1alpha/{name}:download
    Downloads a Case-chat message attachment.

    REST Resource: v1alpha.projects.locations.instances.cases.contextProperties

    Methods
    clearAll POST /v1alpha/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1alpha/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1alpha/{name}
    Deletes a specific context property.
    get GET /v1alpha/{name}
    Gets a single context property by its resource name.
    list GET /v1alpha/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1alpha/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1alpha.projects.locations.instances.cases.customFieldValues

    Methods
    batchUpdate POST /v1alpha/{parent}/customFieldValues:batchUpdate
    Performs a bulk update of multiple custom field values in a single operation.
    get GET /v1alpha/{name}
    Gets a single custom field value by its resource name.
    list GET /v1alpha/{parent}/customFieldValues
    Lists all custom field values for a specific case or alert.
    patch PATCH /v1alpha/{customFieldValue.name}
    Updates (or creates if not present) the value of a custom field.

    REST Resource: v1alpha.projects.locations.instances.contentHub.contentPacks

    Methods
    add POST /v1alpha/{parent}/contentPacks:add
    Creates a new custom ContentPack.
    alignPlaybooks POST /v1alpha/{name}:alignPlaybooks
    Aligns playbooks in a content pack with configured integration instances.
    delete DELETE /v1alpha/{name}
    Deletes a specific ContentPack.
    deployConnectorInstances POST /v1alpha/{name}:deployConnectorInstances
    Deploys connector instances from a content pack.
    deployPlaybooks POST /v1alpha/{name}:deployPlaybooks
    Deploys playbooks contained within a content pack.
    deployTestCases POST /v1alpha/{name}:deployTestCases
    Deploys test cases from a content pack into the SecOps instance.
    download GET /v1alpha/{name}:exportPack
    Exports a content pack as a ZIP file.
    get GET /v1alpha/{name}
    Gets a single ContentPack by its resource name.
    installIntegration POST /v1alpha/{name}:installIntegration
    Installs a specific integration from a content pack.
    list GET /v1alpha/{parent}/contentPacks
    Lists ContentPacks available in the Content Hub.
    markAsDeployed POST /v1alpha/{name}:markAsDeployed
    Marks a content pack as fully deployed.
    upload POST /v1alpha/{parent}/contentPacks:importPack
    POST /upload/v1alpha/{parent}/contentPacks:importPack
    Imports a content pack from a ZIP file (up to 500MB).

    REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentNativeDashboards

    Methods
    get GET /v1alpha/{name}
    Get a native dashboard featured content.
    install POST /v1alpha/{name}:install
    Install a native dashboard featured content.
    list GET /v1alpha/{parent}/featuredContentNativeDashboards
    List all native dashboards featured content.

    REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentRules

    Methods
    list GET /v1alpha/{parent}/featuredContentRules
    Lists FeaturedContentRules

    REST Resource: v1alpha.projects.locations.instances.contentHub.featuredContentSearchQueries

    Methods
    get GET /v1alpha/{name}
    Get a search featured content.
    installFeaturedContentSearchQuery POST /v1alpha/{name}
    Install a search featured content.
    list GET /v1alpha/{parent}/featuredContentSearchQueries
    List all searches featured content.

    REST Resource: v1alpha.projects.locations.instances.contextProperties

    Methods
    clearAll POST /v1alpha/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1alpha/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1alpha/{name}
    Deletes a specific context property.
    get GET /v1alpha/{name}
    Gets a single context property by its resource name.
    list GET /v1alpha/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1alpha/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1alpha.projects.locations.instances.coverageDetails

    Methods
    get GET /v1alpha/{name}
    Get coverage details for a threat collection and rule combination.
    list GET /v1alpha/{parent}/coverageDetails
    List coverage details for threat collection and rule combinations.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories

    Methods
    get GET /v1alpha/{name}
    Gets a CuratedRuleSetCategory.
    list GET /v1alpha/{parent}/curatedRuleSetCategories
    Lists CuratedRuleSetCategories.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets

    Methods
    countCuratedRuleSetDetections POST /v1alpha/{name}:countCuratedRuleSetDetections
    Counts the detections generated by a CuratedRuleSet.
    get GET /v1alpha/{name}
    Gets a CuratedRuleSet.
    list GET /v1alpha/{parent}/curatedRuleSets
    Lists CuratedRuleSets.

    REST Resource: v1alpha.projects.locations.instances.curatedRuleSetCategories.curatedRuleSets.curatedRuleSetDeployments

    Methods
    batchUpdate POST /v1alpha/{parent}/curatedRuleSetDeployments:batchUpdate
    Update multiple deployments of curated rule sets.
    get GET /v1alpha/{name}
    Get a deployment of a curated rule set.
    list GET /v1alpha/{parent}/curatedRuleSetDeployments
    Lists deployments for a curated rule set.
    patch PATCH /v1alpha/{curatedRuleSetDeployment.name}
    Update a deployment of a curated rule set.

    REST Resource: v1alpha.projects.locations.instances.curatedRules

    Methods
    get GET /v1alpha/{name}
    Gets a CuratedRule.
    list GET /v1alpha/{parent}/curatedRules
    Lists CuratedRules.

    REST Resource: v1alpha.projects.locations.instances.customFields

    Methods
    create POST /v1alpha/{parent}/customFields
    Create a CustomField.
    delete DELETE /v1alpha/{name}
    Delete a CustomField.
    get GET /v1alpha/{name}
    Get a CustomField.
    list GET /v1alpha/{parent}/customFields
    Lists custom fields.
    patch PATCH /v1alpha/{customField.name}
    Update a CustomField.

    REST Resource: v1alpha.projects.locations.instances.customLists

    Methods
    batchDelete POST /v1alpha/{parent}/customLists:batchDelete
    Deletes multiple custom list entries in a single operation.
    create POST /v1alpha/{parent}/customLists
    Creates a new custom list entry.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom list entry.
    export POST /v1alpha/{parent}/customLists:export
    Exports selected custom lists as a CSV file.
    get GET /v1alpha/{name}
    Gets a single custom list entry by its resource name.
    import POST /v1alpha/{parent}/customLists:import
    Imports multiple custom list entries from a CSV file.
    list GET /v1alpha/{parent}/customLists
    Lists all custom list entries in the instance.
    patch PATCH /v1alpha/{customList.name}
    Updates an existing custom list entry.

    REST Resource: v1alpha.projects.locations.instances.dashboardCharts

    Methods
    batchGet GET /v1alpha/{parent}/dashboardCharts:batchGet
    Get dashboard charts in batches.
    get GET /v1alpha/{name}
    Get a dashboard chart.

    REST Resource: v1alpha.projects.locations.instances.dashboardQueries

    Methods
    execute POST /v1alpha/{parent}/dashboardQueries:execute
    Execute a query and return the data.
    get GET /v1alpha/{name}
    Get a dashboard query.

    REST Resource: v1alpha.projects.locations.instances.dashboardScheduledReports

    Methods
    create POST /v1alpha/{parent}/dashboardScheduledReports
    Create a Dashboard Scheduled Report.
    delete DELETE /v1alpha/{name}
    Delete a Dashboard Scheduled Report.
    duplicate POST /v1alpha/{name}:duplicate
    Duplicate a scheduled report.
    fetchHistory GET /v1alpha/{name}:fetchHistory
    Retrieves details of past report runs for a specific scheduled report from the last year, including run count, status, and other success/failure information.
    get GET /v1alpha/{name}
    Get a Dashboard Scheduled Report.
    list GET /v1alpha/{parent}/dashboardScheduledReports
    List Dashboard Scheduled Reports.
    patch PATCH /v1alpha/{dashboardScheduledReport.name}
    Update a Dashboard Scheduled Report.
    trigger POST /v1alpha/{name}:trigger
    Sends the given report immediately.

    REST Resource: v1alpha.projects.locations.instances.dashboards

    Methods
    copy POST /v1alpha/{name}:copy
    Copy a dashboard of one type to a dashbooard of another type.
    create POST /v1alpha/{parent}/dashboards
    Create a dashboard.
    delete DELETE /v1alpha/{name}
    Delete a dashboard.
    get GET /v1alpha/{name}
    Get a dashboard.
    list GET /v1alpha/{parent}/dashboards
    List all dashboards.

    REST Resource: v1alpha.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1alpha/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1alpha/{name}
    Deletes a data access label.
    get GET /v1alpha/{name}
    Gets a data access label.
    list GET /v1alpha/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1alpha/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1alpha.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1alpha/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1alpha/{name}
    Deletes a data access scope.
    get GET /v1alpha/{name}
    Retrieves an existing data access scope.
    list GET /v1alpha/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1alpha/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1alpha.projects.locations.instances.dataExports

    Methods
    cancel POST /v1alpha/{name}:cancel
    Cancels a DataExport.
    create POST /v1alpha/{parent}/dataExports
    Creates a new DataExport.
    fetchServiceAccountForDataExport GET /v1alpha/{parent}/dataExports:fetchServiceAccountForDataExport
    Fetches the service account for Data Export for a chronicle instance.
    fetchavailablelogtypes POST /v1alpha/{parent}/dataExports:fetchavailablelogtypes
    Fetches available log types for export.
    get GET /v1alpha/{name}
    Gets a DataExport.
    list GET /v1alpha/{parent}/dataExports
    Lists Data Export requests.
    patch PATCH /v1alpha/{dataExport.name}
    Updates a Data Export request.

    REST Resource: v1alpha.projects.locations.instances.dataTableOperationErrors

    Methods
    get GET /v1alpha/{name}
    Get the error for a data table operation.

    REST Resource: v1alpha.projects.locations.instances.dataTables

    Methods
    create POST /v1alpha/{parent}/dataTables
    Create a new data table.
    delete DELETE /v1alpha/{name}
    Delete data table.
    get GET /v1alpha/{name}
    Get data table info.
    list GET /v1alpha/{parent}/dataTables
    List data tables.
    patch PATCH /v1alpha/{dataTable.name}
    Update data table.
    upload POST /v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
    POST /upload/v1alpha/{parent}/dataTables:bulkCreateDataTableAsync
    Create data table from a bulk file.

    REST Resource: v1alpha.projects.locations.instances.dataTables.dataTableRows

    Methods
    bulkCreate POST /v1alpha/{parent}/dataTableRows:bulkCreate
    Create data table rows in bulk.
    bulkCreateAsync POST /v1alpha/{parent}/dataTableRows:bulkCreateAsync
    Create data table rows in bulk asynchronously.
    bulkGet POST /v1alpha/{parent}/dataTableRows:bulkGet
    Get data table rows in bulk.
    bulkReplace POST /v1alpha/{parent}/dataTableRows:bulkReplace
    Replace all existing data table rows with new data table rows.
    bulkReplaceAsync POST /v1alpha/{parent}/dataTableRows:bulkReplaceAsync
    Replace all existing data table rows with new data table rows asynchronously.
    bulkUpdate POST /v1alpha/{parent}/dataTableRows:bulkUpdate
    Update data table rows in bulk.
    bulkUpdateAsync POST /v1alpha/{parent}/dataTableRows:bulkUpdateAsync
    Update data table rows in bulk asynchronously.
    create POST /v1alpha/{parent}/dataTableRows
    Create a new data table row.
    delete DELETE /v1alpha/{name}
    Delete data table row.
    get GET /v1alpha/{name}
    Get data table row
    list GET /v1alpha/{parent}/dataTableRows
    List data table rows.
    patch PATCH /v1alpha/{dataTableRow.name}
    Update data table row
    upload POST /v1alpha/{parent}/dataTableRows:bulkAppendAsync
    POST /upload/v1alpha/{parent}/dataTableRows:bulkAppendAsync
    Append data table rows in bulk from a file asynchronously.

    REST Resource: v1alpha.projects.locations.instances.dataTaps

    Methods
    create POST /v1alpha/{parent}/dataTaps
    Creates a DataTap.
    delete DELETE /v1alpha/{name}
    Deletes a DataTap.
    get GET /v1alpha/{name}
    Gets a DataTap.
    list GET /v1alpha/{parent}/dataTaps
    Lists DataTaps.
    patch PATCH /v1alpha/{dataTap.name}
    Updates a DataTap.

    REST Resource: v1alpha.projects.locations.instances.dynamicParameters

    Methods
    create POST /v1alpha/{parent}/dynamicParameters
    Creates a new DynamicParameter.
    delete DELETE /v1alpha/{name}
    Deletes a DynamicParameter.
    export POST /v1alpha/{parent}/dynamicParameters:export
    Exports all DynamicParameters defined in the instance to a CSV file.
    get GET /v1alpha/{name}
    Gets a single DynamicParameter by its resource name.
    import POST /v1alpha/{parent}/dynamicParameters:import
    Imports DynamicParameters from a CSV file.
    list GET /v1alpha/{parent}/dynamicParameters
    Lists all DynamicParameters defined in the instance.
    patch PATCH /v1alpha/{dynamicParameter.name}
    Updates an existing DynamicParameter.

    REST Resource: v1alpha.projects.locations.instances.emailTemplates

    Methods
    batchDelete POST /v1alpha/{parent}/emailTemplates:batchDelete
    Batch delete email templates.
    create POST /v1alpha/{parent}/emailTemplates
    Creates an EmailTemplate for a given instance.
    delete DELETE /v1alpha/{name}
    Deletes an EmailTemplate for a given instance.
    export POST /v1alpha/{parent}/emailTemplates:export
    Export email templates as file stream.
    get GET /v1alpha/{name}
    Gets an EmailTemplate by name.
    import POST /v1alpha/{parent}/emailTemplates:import
    Import email templates from file stream.
    list GET /v1alpha/{parent}/emailTemplates
    Lists all EmailTemplates for a given instance.
    patch PATCH /v1alpha/{emailTemplate.name}
    Updates an EmailTemplate for a given instance.

    REST Resource: v1alpha.projects.locations.instances.enrichmentControls

    Methods
    create POST /v1alpha/{parent}/enrichmentControls
    Create an EnrichmentControl resource.
    delete DELETE /v1alpha/{name}
    Delete an EnrichmentControl.
    disable POST /v1alpha/{name}:disable
    Disable an EnrichmentControl.
    get GET /v1alpha/{name}
    Get an EnrichmentControl.
    list GET /v1alpha/{parent}/enrichmentControls
    List all EnrichmentControls.

    REST Resource: v1alpha.projects.locations.instances.entities

    Methods
    get GET /v1alpha/{name}
    Gets an entity by name.
    import POST /v1alpha/{parent}/entities:import
    ImportEntities import the entities.
    modifyEntityRiskScore POST /v1alpha/{name}:modifyEntityRiskScore
    Modify base entity risk score for an entity.
    queryEntityRiskScoreModifications GET /v1alpha/{name}:queryEntityRiskScoreModifications
    Query modifications to base entity risk score for an entity.

    REST Resource: v1alpha.projects.locations.instances.entitiesBlocklists

    Methods
    create POST /v1alpha/{parent}/entitiesBlocklists
    Create a EntitiesBlocklist.
    delete DELETE /v1alpha/{name}
    Delete a EntitiesBlocklist.
    get GET /v1alpha/{name}
    Get a EntitiesBlocklist.
    list GET /v1alpha/{parent}/entitiesBlocklists
    List page of EntitiesBlocklists.
    patch PATCH /v1alpha/{entitiesBlocklist.name}
    Update a EntitiesBlocklist.

    REST Resource: v1alpha.projects.locations.instances.entityRiskScores

    Methods
    query GET /v1alpha/{instance}/entityRiskScores:query
    Queries the instance for EntityRiskScores.

    REST Resource: v1alpha.projects.locations.instances.environmentGroups

    Methods
    create POST /v1alpha/{parent}/environmentGroups
    Creates a new EnvironmentGroup.
    delete DELETE /v1alpha/{name}
    Deletes a specific EnvironmentGroup.
    get GET /v1alpha/{name}
    Gets a single EnvironmentGroup by its name.
    list GET /v1alpha/{parent}/environmentGroups
    Lists all EnvironmentGroups available in the instance.
    patch PATCH /v1alpha/{environmentGroup.name}
    Updates an existing EnvironmentGroup.

    REST Resource: v1alpha.projects.locations.instances.environments

    Methods
    create POST /v1alpha/{parent}/environments
    Creates a new Environment.
    delete DELETE /v1alpha/{name}
    Deletes a specific Environment.
    get GET /v1alpha/{name}
    Gets a single Environment by its resource name.
    list GET /v1alpha/{parent}/environments
    Lists all Environments available in the instance.
    patch PATCH /v1alpha/{environment.name}
    Updates an existing Environment.
    resetWeights POST /v1alpha/{name}/environments:resetWeights
    Resets the resource distribution weights for all environments.

    REST Resource: v1alpha.projects.locations.instances.errorNotificationConfigs

    Methods
    create POST /v1alpha/{parent}/errorNotificationConfigs
    Creates a new error notification config for the customer
    delete DELETE /v1alpha/{name}
    Deletes an error notification config.
    get GET /v1alpha/{name}
    Gets a single error notification config.
    list GET /v1alpha/{parent}/errorNotificationConfigs
    Lists error notification configurations for the customer.
    patch PATCH /v1alpha/{errorNotificationConfig.name}
    Updates an error notification config.

    REST Resource: v1alpha.projects.locations.instances.events

    Methods
    batchGet GET /v1alpha/{parent}/events:batchGet
    Gets a batch (list) of events given a list of names and a parent.
    fetchEnrichedEvent GET /v1alpha/{name}:fetchEnrichedEvent
    Gets the enriched event for a given event id.
    get GET /v1alpha/{name}
    Gets an event given a name.
    import POST /v1alpha/{parent}/events:import
    ImportEvents import the events.

    REST Resource: v1alpha.projects.locations.instances.federationGroups

    Methods
    create POST /v1alpha/{parent}/federationGroups
    CreateFederationGroup method creates a new Federation group.
    delete DELETE /v1alpha/{name}
    DeleteFederationGroup method deletes a Federation group.
    get GET /v1alpha/{name}
    GetFederationGroup method gets a Federation group.
    list GET /v1alpha/{parent}/federationGroups
    ListFederationGroups method lists all Federation groups.
    patch PATCH /v1alpha/{federationGroup.name}
    UpdateFederationGroup method updates a Federation group.

    REST Resource: v1alpha.projects.locations.instances.feedPacks

    Methods
    get GET /v1alpha/{name}
    Gets a feed pack.
    list GET /v1alpha/{parent}/feedPacks
    Lists Packs for which feeds can be configured.

    REST Resource: v1alpha.projects.locations.instances.feedServiceAccounts

    Methods
    fetchServiceAccountForCustomer GET /v1alpha/{parent}/feedServiceAccounts:fetchServiceAccountForCustomer
    Fetch Chronicle's service account used for ingesting data from Cloud Storage buckets.

    REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas

    Methods
    list GET /v1alpha/{parent}/feedSourceTypeSchemas
    List all FeedSourceTypeSchemas.

    REST Resource: v1alpha.projects.locations.instances.feedSourceTypeSchemas.logTypeSchemas

    Methods
    list GET /v1alpha/{parent}/logTypeSchemas
    List all LogTypeSchemas compatible with a given FeedSourceType.

    REST Resource: v1alpha.projects.locations.instances.feeds

    Methods
    create POST /v1alpha/{parent}/feeds
    Creates a feed.
    delete DELETE /v1alpha/{name}
    Deletes a feed.
    disable POST /v1alpha/{name}:disable
    Disable feed for ingestion.
    enable POST /v1alpha/{name}:enable
    Enable feed for ingestion.
    generateSecret POST /v1alpha/{name}:generateSecret
    Generates a new secret for https push feeds which do not support jwt tokens.
    get GET /v1alpha/{name}
    Gets a feed.
    importPushLogs POST /v1alpha/{parent}:importPushLogs
    Import logs coming from https push feeds.
    list GET /v1alpha/{parent}/feeds
    Lists all feeds for the customer.
    patch PATCH /v1alpha/{feed.name}
    Updates the full feed.
    scheduleTransfer POST /v1alpha/{name}:scheduleTransfer
    Schedules a feed transfer for the feed.

    REST Resource: v1alpha.projects.locations.instances.findingsGraph

    Methods
    exploreNode GET /v1alpha/{name}:exploreNode
    Explores a node to find related nodes if it is an IndividualNode or retrieve the individual nodes within the group if it is a GroupNode and return a graph composed by the nodes and their edges over a time range.
    initializeGraph GET /v1alpha/{name}:initializeGraph
    Initialize a graph from a resource such as a detection or an entity.

    REST Resource: v1alpha.projects.locations.instances.findingsRefinements

    Methods
    computeFindingsRefinementActivity POST /v1alpha/{name}:computeFindingsRefinementActivity
    Returns findings refinement activity for a specific findings refinement.
    create POST /v1alpha/{parent}/findingsRefinements
    Creates a new findings refinement.
    get GET /v1alpha/{name}
    Gets a single findings refinement.
    getDeployment GET /v1alpha/{name}
    Gets a findings refinement deployment.
    list GET /v1alpha/{parent}/findingsRefinements
    Lists a collection of findings refinements.
    patch PATCH /v1alpha/{findingsRefinement.name}
    Updates a findings refinement.
    updateDeployment PATCH /v1alpha/{findingsRefinementDeployment.name}
    Updates a findings refinement deployment.

    REST Resource: v1alpha.projects.locations.instances.formDynamicParameters

    Methods
    get GET /v1alpha/{name}
    Gets a single FormDynamicParameter by its resource name.
    list GET /v1alpha/{parent}/formDynamicParameters
    Lists all FormDynamicParameters defined in the instance.
    saveForm POST /v1alpha/{parent}/formDynamicParameters:saveForm
    Saves the complete set of dynamic parameters for a specific form type.

    REST Resource: v1alpha.projects.locations.instances.forwarders

    Methods
    create POST /v1alpha/{parent}/forwarders
    Create a forwarder.
    delete DELETE /v1alpha/{name}
    Delete a forwarder by forwarder ID.
    generateForwarderFiles GET /v1alpha/{name}:generateForwarderFiles
    Generates a forwarder's configuration files.
    get GET /v1alpha/{name}
    Get a forwarder by forwarder ID.
    importStatsEvents POST /v1alpha/{name}:importStatsEvents
    ImportStatsEvents imports stats events from a forwarder.
    list GET /v1alpha/{parent}/forwarders
    List all forwarders for the instance.
    patch PATCH /v1alpha/{forwarder.name}
    Update a forwarder.

    REST Resource: v1alpha.projects.locations.instances.forwarders.collectors

    Methods
    create POST /v1alpha/{parent}/collectors
    Create a collector.
    delete DELETE /v1alpha/{name}
    Delete a collector by collector ID.
    get GET /v1alpha/{name}
    Get a collector by collector ID.
    list GET /v1alpha/{parent}/collectors
    List all collectors for the forwarder.
    patch PATCH /v1alpha/{collector.name}
    Update a collector.

    REST Resource: v1alpha.projects.locations.instances.ingestionLogLabels

    Methods
    list GET /v1alpha/{parent}/ingestionLogLabels
    Returns the ingestion log labels for the customer.

    REST Resource: v1alpha.projects.locations.instances.ingestionLogNamespaces

    Methods
    list GET /v1alpha/{parent}/ingestionLogNamespaces
    Lists ingestion log namespaces for the customer.

    REST Resource: v1alpha.projects.locations.instances.integrations

    Methods
    create POST /v1alpha/{parent}/integrations
    Creates a new custom SOAR Integration.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom Integration.
    download GET /v1alpha/{name}:export
    Exports the entire integration package as a ZIP file.
    downloadDependency POST /v1alpha/{name}:downloadDependency
    Initiates the download of a Python dependency (e.g., a library from PyPI) for a custom integration.
    exportIntegrationItems GET /v1alpha/{name}:exportItems
    Exports specific items from an integration into a ZIP folder.
    fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
    Identifies all system items (e.g., connector instances, job instances, playbooks) that would be affected by a change to or deletion of this integration.
    fetchAgentIntegrations GET /v1alpha/{parent}:fetchAgentIntegrations
    Returns the set of integrations currently installed and configured on a specific agent.
    fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
    Returns the difference between the current integration and its matching commercial version in the Marketplace.
    fetchDependencies GET /v1alpha/{name}:fetchDependencies
    Returns the complete list of Python dependencies currently associated with a custom integration.
    fetchRestrictedAgents GET /v1alpha/{name}:fetchRestrictedAgents
    Identifies remote agents that would be restricted from running an updated version of the integration, typically due to environment incompatibilities like unsupported Python versions.
    get GET /v1alpha/{name}
    Gets a single Integration by its resource name.
    getFetchProductionDiff GET /v1alpha/{name}:fetchProductionDiff
    Returns the difference between the staging integration and its matching production version.
    getFetchStagingDiff GET /v1alpha/{name}:fetchStagingDiff
    Returns the difference between the production integration and its corresponding staging version.
    import POST /v1alpha/{parent}/integrations:import
    POST /upload/v1alpha/{parent}/integrations:import
    Imports a complete integration package from a ZIP file (up to 500MB).
    importIntegrationDependency POST /v1alpha/{name}:uploadDependency
    POST /upload/v1alpha/{name}:uploadDependency
    Uploads a raw dependency file (e.g., a wheel file or binary) to an existing custom integration.
    importIntegrationItems POST /v1alpha/{name}:importItems
    POST /upload/v1alpha/{name}:importItems
    Imports individual integration items (actions, jobs, connectors, etc.) from a ZIP file into an existing custom integration.
    list GET /v1alpha/{parent}/integrations
    Lists all Integrations installed in the instance.
    patch PATCH /v1alpha/{integration.name}
    Updates an existing Integration's metadata.
    pushToProduction POST /v1alpha/{name}:pushToProduction
    Transitions an integration from staging to production mode.
    pushToStaging POST /v1alpha/{name}:pushToStaging
    Transitions an integration from production back to staging mode.
    updateCustomIntegration POST /v1alpha/{updateCustomIntegrationPayload.integration.name}:updateCustomIntegration
    Updates a custom integration definition, including its parameters and dependencies.
    upload POST /v1alpha/{parent}/integrations:extractIntegrationDetails
    POST /upload/v1alpha/{parent}/integrations:extractIntegrationDetails
    Parses an integration ZIP file and returns its constituent items and metadata without importing it.

    REST Resource: v1alpha.projects.locations.instances.integrations.actions

    Methods
    create POST /v1alpha/{parent}/actions
    Creates a new custom IntegrationAction within an integration.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom IntegrationAction.
    executeTest POST /v1alpha/{parent}/actions:executeTest
    Executes a test run of an action's script.
    fetchActionsByEnvironment GET /v1alpha/{parent}/actions:fetchActionsByEnvironment
    Lists actions that are executable within specified environments.
    fetchTemplate GET /v1alpha/{parent}/actions:fetchTemplate
    Retrieves a default Python script template for a new integration action.
    get GET /v1alpha/{name}
    Gets a single IntegrationAction.
    list GET /v1alpha/{parent}/actions
    Lists all IntegrationActions for a specific integration.
    patch PATCH /v1alpha/{integrationAction.name}
    Updates an existing IntegrationAction.

    REST Resource: v1alpha.projects.locations.instances.integrations.actions.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    CreateActionRevision creates a new action revision.
    delete DELETE /v1alpha/{name}
    DeleteActionRevision deletes an action revision.
    list GET /v1alpha/{parent}/revisions
    List all revisions of an action.
    rollback POST /v1alpha/{name}:rollback
    RollbackIntegrationActionRevision rolls back the action definition to a saved revision.

    REST Resource: v1alpha.projects.locations.instances.integrations.connectors

    Methods
    create POST /v1alpha/{parent}/connectors
    Creates a new custom IntegrationConnector.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom IntegrationConnector.
    executeTest POST /v1alpha/{parent}/connectors:executeTest
    Executes a test run of a connector's Python script.
    fetchTemplate GET /v1alpha/{parent}/connectors:fetchTemplate
    Returns a default Python script template for an integration connector.
    get GET /v1alpha/{name}
    Gets a single IntegrationConnector by its resource name.
    list GET /v1alpha/{parent}/connectors
    Lists all IntegrationConnectors defined for a specific integration.
    patch PATCH /v1alpha/{integrationConnector.name}
    Updates an existing custom IntegrationConnector.

    REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances

    Methods
    create POST /v1alpha/{parent}/connectorInstances
    Creates a new ConnectorInstance based on a connector definition.
    delete DELETE /v1alpha/{name}
    Deletes a ConnectorInstance.
    fetchLatestDefinition GET /v1alpha/{parent}:fetchLatestDefinition
    Refreshes a connector instance with the latest definition from the integration.
    get GET /v1alpha/{name}
    Gets a single ConnectorInstance by its resource name.
    list GET /v1alpha/{parent}/connectorInstances
    Lists ConnectorInstances for a specific connector definition.
    patch PATCH /v1alpha/{connectorInstance.name}
    Updates an existing ConnectorInstance.
    runOnDemand POST /v1alpha/{name}:runOnDemand
    Triggers an immediate, single execution of the connector.
    setLogsCollection POST /v1alpha/{name}:setLogsCollection
    Enables or disables debug log collection for a connector instance.

    REST Resource: v1alpha.projects.locations.instances.integrations.connectors.connectorInstances.logs

    Methods
    get GET /v1alpha/{name}
    Get a single ConnectorInstanceLog.
    list GET /v1alpha/{parent}/logs
    List all ConnectorInstanceLogs for a given ConnectorInstance.

    REST Resource: v1alpha.projects.locations.instances.integrations.connectors.contextProperties

    Methods
    clearAll POST /v1alpha/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1alpha/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1alpha/{name}
    Deletes a specific context property.
    get GET /v1alpha/{name}
    Gets a single context property by its resource name.
    list GET /v1alpha/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1alpha/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1alpha.projects.locations.instances.integrations.connectors.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    Creates a new snapshot (revision) of the current connector definition.
    delete DELETE /v1alpha/{name}
    Deletes a specific connector revision.
    list GET /v1alpha/{parent}/revisions
    Lists all saved revisions of a specific connector.
    rollback POST /v1alpha/{name}:rollback
    Restores the connector definition to the state captured in a specific revision.

    REST Resource: v1alpha.projects.locations.instances.integrations.integrationInstances

    Methods
    create POST /v1alpha/{parent}/integrationInstances
    Creates a new IntegrationInstance.
    delete DELETE /v1alpha/{name}
    Deletes a specific IntegrationInstance.
    executeTest POST /v1alpha/{name}:executeTest
    Executes a connectivity test ("ping") for a specific integration instance.
    fetchAffectedItems GET /v1alpha/{name}:fetchAffectedItems
    Lists all playbooks that depend on a specific integration instance.
    fetchDefaultInstance GET /v1alpha/{parent}/integrationInstances:fetchDefaultInstance
    Returns the system default configuration for a specific integration.
    get GET /v1alpha/{name}
    Gets a single IntegrationInstance by its resource name.
    list GET /v1alpha/{parent}/integrationInstances
    Lists all IntegrationInstances for a specific integration.
    patch PATCH /v1alpha/{integrationInstance.name}
    Updates an existing IntegrationInstance.

    REST Resource: v1alpha.projects.locations.instances.integrations.jobs

    Methods
    create POST /v1alpha/{parent}/jobs
    Creates a new custom IntegrationJob.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom IntegrationJob.
    executeTest POST /v1alpha/{parent}/jobs:executeTest
    Executes a test run of a `IntegrationJob's Python script.
    fetchTemplate GET /v1alpha/{parent}/jobs:fetchTemplate
    Returns a default Python script template for an IntegrationJob.
    get GET /v1alpha/{name}
    Gets a single IntegrationJob by its resource name.
    list GET /v1alpha/{parent}/jobs
    Lists all IntegrationJobs defined for a specific integration.
    patch PATCH /v1alpha/{integrationJob.name}
    Updates an existing custom IntegrationJob.

    REST Resource: v1alpha.projects.locations.instances.integrations.jobs.contextProperties

    Methods
    clearAll POST /v1alpha/{parent}/contextProperties:clearAll
    Deletes all context properties associated with a specific parent context.
    create POST /v1alpha/{parent}/contextProperties
    Creates a new context property.
    delete DELETE /v1alpha/{name}
    Deletes a specific context property.
    get GET /v1alpha/{name}
    Gets a single context property by its resource name.
    list GET /v1alpha/{parent}/contextProperties
    Lists all context properties for a specific parent entity.
    patch PATCH /v1alpha/{contextProperty.name}
    Updates an existing context property.

    REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances

    Methods
    create POST /v1alpha/{parent}/jobInstances
    Creates a new IntegrationJobInstance from a job definition.
    delete DELETE /v1alpha/{name}
    Deletes a specific IntegrationJobInstance.
    get GET /v1alpha/{name}
    Gets a single IntegrationJobInstance by its resource name.
    list GET /v1alpha/{parent}/jobInstances
    Lists all IntegrationJobInstances for a specific job definition.
    patch PATCH /v1alpha/{integrationJobInstance.name}
    Updates an existing IntegrationJobInstance.
    runOnDemand POST /v1alpha/{name}:runOnDemand
    Executes a scheduled background job immediately and only once, bypassing the normal schedule.

    REST Resource: v1alpha.projects.locations.instances.integrations.jobs.jobInstances.logs

    Methods
    get GET /v1alpha/{name}
    Get a single IntegrationJobInstanceLog.
    list GET /v1alpha/{parent}/logs
    List all IntegrationJobInstanceLogs for a given IntegrationJobInstance.

    REST Resource: v1alpha.projects.locations.instances.integrations.jobs.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    Creates a new saved revision (snapshot) of the current job definition.
    delete DELETE /v1alpha/{name}
    Deletes a specific job revision.
    list GET /v1alpha/{parent}/revisions
    Lists all historical revisions for a specific background job.
    rollback POST /v1alpha/{name}:rollback
    Reverts the current background security job definition to a previously saved revision.

    REST Resource: v1alpha.projects.locations.instances.integrations.logicalOperators

    Methods
    create POST /v1alpha/{parent}/logicalOperators
    Creates a new custom IntegrationLogicalOperator.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom IntegrationLogicalOperator.
    executeTest POST /v1alpha/{parent}/logicalOperators:executeTest
    Executes a test run of a logical operator's evaluation script.
    fetchTemplate GET /v1alpha/{parent}/logicalOperators:fetchTemplate
    Returns a default Python script template for a logical operator.
    get GET /v1alpha/{name}
    Gets a single IntegrationLogicalOperator by its resource name.
    list GET /v1alpha/{parent}/logicalOperators
    Lists all IntegrationLogicalOperators defined for a specific integration.
    patch PATCH /v1alpha/{logicalOperator.name}
    Updates an existing custom IntegrationLogicalOperator.

    REST Resource: v1alpha.projects.locations.instances.integrations.logicalOperators.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    Creates a new revision of a custom logical operator.
    delete DELETE /v1alpha/{name}
    Deletes a specific logical operator revision.
    list GET /v1alpha/{parent}/revisions
    Lists all saved revisions for a specific logical operator.
    rollback POST /v1alpha/{name}:rollback
    Rolls back a custom logical operator to a previously saved revision.

    REST Resource: v1alpha.projects.locations.instances.integrations.managers

    Methods
    create POST /v1alpha/{parent}/managers
    Creates a new custom IntegrationManager.
    delete DELETE /v1alpha/{name}
    Deletes a specific custom IntegrationManager.
    fetchTemplate GET /v1alpha/{parent}/managers:fetchTemplate
    Returns a default recommended Python script template for an integration manager.
    get GET /v1alpha/{name}
    Gets a single IntegrationManager by its resource name.
    list GET /v1alpha/{parent}/managers
    Lists all IntegrationManagers defined for a specific integration.
    patch PATCH /v1alpha/{integrationManager.name}
    Updates an existing custom IntegrationManager.

    REST Resource: v1alpha.projects.locations.instances.integrations.managers.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    Creates a new saved revision (snapshot) of the current manager.
    delete DELETE /v1alpha/{name}
    Deletes a specific manager revision.
    get GET /v1alpha/{name}
    Gets a single IntegrationManagerRevision by its resource name.
    list GET /v1alpha/{parent}/revisions
    Lists all revisions for a specific manager.
    rollback POST /v1alpha/{name}:rollback
    Reverts the current manager definition to a previously saved revision.

    REST Resource: v1alpha.projects.locations.instances.integrations.transformers

    Methods
    create POST /v1alpha/{parent}/transformers
    Creates a new TransformerDefinition within an integration.
    delete DELETE /v1alpha/{name}
    Deletes a custom TransformerDefinition.
    executeTest POST /v1alpha/{integration}/transformers:executeTest
    Executes a test run of a transformer's Python script.
    fetchTemplate GET /v1alpha/{integration}/transformers:fetchTemplate
    Retrieves a default Python script template for a new transformer.
    get GET /v1alpha/{name}
    Gets a single TransformerDefinition.
    list GET /v1alpha/{parent}/transformers
    Lists all TransformerDefinitions for a specific integration.
    patch PATCH /v1alpha/{transformerDefinition.name}
    Updates an existing TransformerDefinition.

    REST Resource: v1alpha.projects.locations.instances.integrations.transformers.revisions

    Methods
    create POST /v1alpha/{parent}/revisions
    Creates a new revision of a custom transformer.
    delete DELETE /v1alpha/{name}
    Deletes a specific transformer revision.
    list GET /v1alpha/{parent}/revisions
    Lists all saved revisions for a specific Transformer.
    rollback POST /v1alpha/{name}:rollback
    Rolls back a custom transformer to a previously saved revision.

    REST Resource: v1alpha.projects.locations.instances.investigations

    Methods
    fetchAssociated GET /v1alpha/{parent}/investigations:fetchAssociated
    FetchAssociatedInvestigations is used to fetch all the associated resources for each of the given alerts/cases.
    get GET /v1alpha/{name}
    GetInvestigation is used to retrieve an investigation.
    list GET /v1alpha/{parent}/investigations
    ListInvestigations is used to retrieve existing investigations for a given instance.
    trigger POST /v1alpha/{parent}/investigations:trigger
    Custom method to manually trigger an investigation for a given alert.

    REST Resource: v1alpha.projects.locations.instances.investigations.investigationComments

    Methods
    create POST /v1alpha/{parent}/investigationComments
    CreateInvestigationComment is used to create an investigation comment.
    delete DELETE /v1alpha/{name}
    DeleteInvestigationComment is used to delete an investigation comment.
    get GET /v1alpha/{name}
    Retrieves a specific investigation comment.
    list GET /v1alpha/{parent}/investigationComments
    ListInvestigationComments is used to retrieve existing investigation comments for a given investigation.
    patch PATCH /v1alpha/{investigationComment.name}
    UpdateInvestigationComment is used to update an investigation comment.

    REST Resource: v1alpha.projects.locations.instances.investigations.investigationSteps

    Methods
    get GET /v1alpha/{name}
    GetInvestigationStep is used to retrieve an investigation step.
    list GET /v1alpha/{parent}/investigationSteps
    ListInvestigationSteps is used to retrieve existing investigation steps for a given investigation.

    REST Resource: v1alpha.projects.locations.instances.iocAssociations

    Methods
    batchGet GET /v1alpha/{parent}/iocAssociations:batchGet
    Gets a batch (list) of IocAssociations given a list of names and a parent.
    fetchRelated GET /v1alpha/{parent}/iocAssociations:fetchRelated
    List related Associations (Threat Actors or Malware Families) for a given threat resource.
    get GET /v1alpha/{name}
    Get an Ioc Association by resource name.

    REST Resource: v1alpha.projects.locations.instances.iocs

    Methods
    batchGet GET /v1alpha/{parent}/iocs:batchGet
    Gets a batch (list) of iocs given a list of names and a parent.
    fetchRelated GET /v1alpha/{parent}/iocs:fetchRelated
    List related IOCs for a given threat resource.
    find POST /v1alpha/{parent}/iocs:find
    Gets a list of Iocs given a list of parameters that uniquely identify them.
    findFirstAndLastSeen GET /v1alpha/{name}:findFirstAndLastSeen
    FindFirstAndLastSeen for an Ioc.
    get GET /v1alpha/{name}
    Get an Ioc.
    getIocState GET /v1alpha/{name}
    Gets the status of an ioc
    searchCuratedDetectionsForIoc GET /v1alpha/{name}:searchCuratedDetectionsForIoc
    Search curated detections for an Ioc.
    updateIocState PATCH /v1alpha/{iocState.name}
    Update an Ioc state.

    REST Resource: v1alpha.projects.locations.instances.labsExperiments

    Methods
    execute POST /v1alpha/{parent}:execute
    Executes a LabsExperiment.
    get GET /v1alpha/{name}
    Gets a LabExperiment.
    list GET /v1alpha/{parent}/labsExperiments
    Lists LabsExperiments.
    patch PATCH /v1alpha/{labsExperiment.name}
    Update a LabsExperiment.

    REST Resource: v1alpha.projects.locations.instances.labsExperiments.executions

    Methods
    get GET /v1alpha/{name}
    Retrieves a specific LabsExperimentExecution resource.
    list GET /v1alpha/{parent}/executions
    Lists LabsExperimentExecution resources.
    patch PATCH /v1alpha/{labsExperimentExecution.name}
    Updates a LabsExperimentExecution.

    REST Resource: v1alpha.projects.locations.instances.legacy

    Methods
    legacyBatchGetCases GET /v1alpha/{instance}/legacy:legacyBatchGetCases
    Fetches multiple cases by name in a single request.
    legacyBatchGetCollections GET /v1alpha/{instance}/legacy:legacyBatchGetCollections
    RPC for getting a batch of collections based on their Collection Ids.
    legacyCreateOrUpdateCase POST /v1alpha/{instance}/legacy:legacyCreateOrUpdateCase
    Creates a new case or updates an existing one using a legacy data format.
    legacyCreateSoarAlert POST /v1alpha/{instance}/legacy:legacyCreateSoarAlert
    RPC for creating a SOAR alert.
    legacyFetchAlertsView GET /v1alpha/{instance}/legacy:legacyFetchAlertsView
    Legacy streaming endpoint for getting alerts (and in some cases, non-alerting detections) along with aggregated fields that match the query.
    legacyFetchUdmSearchCsv POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchCsv
    Legacy endpoint for fetching csv rows for matching UDM search.
    legacyFetchUdmSearchView POST /v1alpha/{instance}/legacy:legacyFetchUdmSearchView
    Legacy endpoint for fetching events, filters, and histograms matching UDM search.
    legacyFindAssetEvents GET /v1alpha/{instance}/legacy:legacyFindAssetEvents
    Legacy endpoint for getting events for an asset indicator.
    legacyFindRawLogs GET /v1alpha/{instance}/legacy:legacyFindRawLogs
    Legacy endpoint for getting events for a raw log search query.
    legacyFindUdmEvents GET /v1alpha/{instance}/legacy:legacyFindUdmEvents
    Legacy endpoint for finding UDM/entity events using tokens or ids.
    legacyGetAlert GET /v1alpha/{instance}/legacy:legacyGetAlert
    RPC for fetching an alert based on its Alert Id.
    legacyGetCuratedRulesTrends GET /v1alpha/{instance}/legacy:legacyGetCuratedRulesTrends
    Legacy RPC for listing detection counts and last detection timestamp for a list of Curated Rule ids.
    legacyGetDetection GET /v1alpha/{instance}/legacy:legacyGetDetection
    Legacy endpoint for fetching a Detection.
    legacyGetEventForDetection GET /v1alpha/{instance}/legacy:legacyGetEventForDetection
    Legacy endpoint for getting event for curated detection.
    legacyGetRuleCounts GET /v1alpha/{instance}/legacy:legacyGetRuleCounts
    RPC to get rule counts.
    legacyGetRulesTrends GET /v1alpha/{instance}/legacy:legacyGetRulesTrends
    Legacy RPC for listing detection counts and last detection timestamp for a list of user-defined rule ids.
    legacyRunTestRule POST /v1alpha/{instance}/legacy:legacyRunTestRule
    Legacy RPC to test a rule and stream back the responses.
    legacySearchArtifactEvents GET /v1alpha/{instance}/legacy:legacySearchArtifactEvents
    Legacy endpoint for getting events for a given artifact.
    legacySearchArtifactIoCDetails GET /v1alpha/{instance}/legacy:legacySearchArtifactIoCDetails
    Rpc to search for IoC details for a particular artifact.
    legacySearchAssetEvents GET /v1alpha/{instance}/legacy:legacySearchAssetEvents
    Legacy endpoint for getting events for a given asset.
    legacySearchCuratedDetections GET /v1alpha/{instance}/legacy:legacySearchCuratedDetections
    Legacy endpoint for searcing detections for a Curated Rule.
    legacySearchCustomerStats POST /v1alpha/{instance}/legacy:legacySearchCustomerStats
    LegacySearchCustomerStats gets data collection stats about a customer, e.g., the first time data was seen from a customer, the last time, etc.
    legacySearchDetections GET /v1alpha/{instance}/legacy:legacySearchDetections
    Legacy endpoint for searching detections for a rule version.
    legacySearchDomainsRecentlyRegistered GET /v1alpha/{instance}/legacy:legacySearchDomainsRecentlyRegistered
    Given a list of domain names and a time, returns only the domains that were recently registered relative to that time.
    legacySearchDomainsTimingStats GET /v1alpha/{instance}/legacy:legacySearchDomainsTimingStats
    Given a list of domain names, returns time-related statistics for those domains (ex: the first seen in the enterprise time).
    legacySearchEnterpriseWideAlerts GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideAlerts
    RPC for getting all alerts in a time range in legacy page site.
    legacySearchEnterpriseWideIoCs GET /v1alpha/{instance}/legacy:legacySearchEnterpriseWideIoCs
    RPC for listing IoC matches against ingested events.
    legacySearchFindings GET /v1alpha/{instance}/legacy:legacySearchFindings
    Legacy endpoint for listing Findings.
    legacySearchIngestionStats POST /v1alpha/{instance}/legacy:legacySearchIngestionStats
    LegacySearchIngestionStats gets data ingestion stats about a given customer, e.g.
    legacySearchIoCInsights GET /v1alpha/{instance}/legacy:legacySearchIoCInsights
    Rpc to list IoC insights on given artifacts.
    legacySearchRawLogs GET /v1alpha/{instance}/legacy:legacySearchRawLogs
    Legacy endpoint for getting events for a raw log search.
    legacySearchRawLogsV2 GET /v1alpha/{name}/legacy:legacySearchRawLogsV2
    Searches for raw logs within a specified Google SecOps instance.
    legacySearchRuleDetectionCountBuckets GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionCountBuckets
    Legacy endpoint for listing detection count buckets for a Rules Engine rule.
    legacySearchRuleDetectionEvents GET /v1alpha/{instance}/legacy:legacySearchRuleDetectionEvents
    Legacy RPC for listing events associated with a particular Detection generated by a Rules Engine rule.
    legacySearchRuleResults GET /v1alpha/{instance}/legacy:legacySearchRuleResults
    Legacy endpoint for listing aggregated results for a Rules Engine rule.
    legacySearchRulesAlerts GET /v1alpha/{instance}/legacy:legacySearchRulesAlerts
    RPC to get the list of Rules Engine generated alerts for a customer.
    legacySearchUserEvents GET /v1alpha/{instance}/legacy:legacySearchUserEvents
    Legacy endpoint for getting events for a given user.
    legacyStreamDetectionAlerts POST /v1alpha/{instance}/legacy:legacyStreamDetectionAlerts
    Legacy StreamDetectionAlerts continuously streams new detection alerts as they are discovered.
    legacyTestRuleStreaming POST /v1alpha/{instance}/legacy:legacyTestRuleStreaming
    LegacyTestRuleStreaming tests the given rule text over a specified time range and streams detections/errors back without persisting them.
    legacyUpdateAlert POST /v1alpha/{instance}/legacy:legacyUpdateAlert
    Legacy endpoint for updating an alert.

    REST Resource: v1alpha.projects.locations.instances.legacyAdvancedReports

    Methods
    download GET /v1alpha/{name}/legacyAdvancedReports:legacyReportExport
    Exports an Advanced Report definition.
    legacyCopyLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyCopyLookerReport
    Creates a copy of an existing Looker Advanced Report.
    legacyCreateLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyCreateLookerReport
    Creates a new Looker Advanced Report.
    legacyGetAdvancedReportProvider GET /v1alpha/{instance}/legacyAdvancedReports:legacyGetAdvancedReportProvider
    Returns information about the current advanced reporting provider (e.g., Looker).
    legacyGetLookerReportDetails POST /v1alpha/{instance}/legacyAdvancedReports:legacyGetLookerReportDetails
    Returns the complete details, including the embed URL, for a specific Looker report.
    legacyGetLookerReports GET /v1alpha/{instance}/legacyAdvancedReports:legacyGetLookerReports
    Returns a list of all Looker Advanced Reports available to the current user.
    legacyRefreshLookerReports GET /v1alpha/{instance}/legacyAdvancedReports:legacyRefreshLookerReports
    Refreshes the list and status of available Looker Advanced Reports by synchronizing with the reporting backend.
    legacyReport DELETE /v1alpha/{instance}/legacyAdvancedReports:legacyReport
    Deletes a specific Advanced Report.
    legacyReportImport POST /v1alpha/{instance}/legacyAdvancedReports:legacyReportImport
    Imports a report definition into the advanced reporting system.
    legacyShareLookerReport POST /v1alpha/{instance}/legacyAdvancedReports:legacyShareLookerReport
    Updates the sharing permissions for a specific Looker Advanced Report.

    REST Resource: v1alpha.projects.locations.instances.legacyCaseFederationPlatforms

    Methods
    create POST /v1alpha/{parent}/legacyCaseFederationPlatforms
    Registers a new remote SecOps instance as a federation platform.
    legacyDeleteCaseFederationPlatform DELETE /v1alpha/{name}
    Deletes a specific LegacyCaseFederationPlatform.
    legacyGetCaseFederationPlatform GET /v1alpha/{name}
    Gets a single LegacyCaseFederationPlatform by its resource name.

    REST Resource: v1alpha.projects.locations.instances.legacyCases

    Methods
    addEvidence POST /v1alpha/{name}/legacyCases:addEvidence
    Adds evidence, such as a file attachment, to a specific case.
    createCase POST /v1alpha/{name}/legacyCases:createCase
    Ingests a package of cases into the system's data processing engine.
    createManualCase POST /v1alpha/{name}/legacyCases:createManualCase
    Creates a case manually that appears in the case queue alongside automatically ingested alerts.
    createSimulatedCustomCase POST /v1alpha/{name}/legacyCases:createSimulatedCustomCase
    Creates a custom simulated case based on specified alert and event fields.
    deleteUseCase POST /v1alpha/{name}/legacyCases:deleteUseCase
    Deletes a specific custom case simulation.
    executeManualAction POST /v1alpha/{name}/legacyCases:executeManualAction
    Executes a single action on specific entities scopes on selected alerts within a case.
    exportCustomCase GET /v1alpha/{name}/legacyCases:exportCustomCase
    Exports a custom simulated case configuration as a JSON package.
    generateCollaboratorRequest POST /v1alpha/{name}/legacyCases:generateCollaboratorRequest
    Generates a request for collaboration as a new case.
    generateUseCases POST /v1alpha/{name}/legacyCases:generateUseCases
    Triggers the generation of one or more simulated cases based on predefined templates or custom definitions.
    getActionResultById GET /v1alpha/{name}/legacyCases:getActionResultById
    Retrieves the details and results of a previously executed action.
    getCustomCaseDetails POST /v1alpha/{name}/legacyCases:getCustomCaseDetails
    Retrieves the detailed configuration of a custom simulated case.
    getCustomCases GET /v1alpha/{name}/legacyCases:getCustomCases
    Lists the names of all custom simulated cases defined in the environment.
    importCustomCase POST /v1alpha/{name}/legacyCases:importCustomCase
    Imports a custom simulated case from a JSON package.
    injectSampleData POST /v1alpha/{name}/legacyCases:injectSampleData
    Ingests sample alerts from connector testing into the system as test cases.
    investigatorExtendCaseGraph POST /v1alpha/{name}/legacyCases:investigatorExtendCaseGraph
    Extends the investigator graph for a case with additional nodes and relations.
    isCustomCaseExists GET /v1alpha/{name}/legacyCases:isCustomCaseExists
    Checks if a custom simulated case with a specific alert name already exists.
    simulateAlert POST /v1alpha/{name}/legacyCases:simulateAlert
    Simulates a specific alert within a case, optionally replacing fields or performing grouping.

    REST Resource: v1alpha.projects.locations.instances.legacyConfiguration

    Methods
    legacyGetMaximumAlertsGroupingConfiguration GET /v1alpha/{instance}/legacyConfiguration:legacyGetMaximumAlertsGroupingConfiguration
    Returns the system-wide maximum number of alerts that can be grouped into a single case.

    REST Resource: v1alpha.projects.locations.instances.legacyFederatedCases

    Methods
    legacyBatchPatchFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyBatchPatchFederatedCases
    Updates or inserts multiple cases from a secondary instance into the primary platform's federated store.
    legacyFetchCasesToSync GET /v1alpha/{parent}/legacyFederatedCases:legacyFetchCasesToSync
    Returns a batch of cases from a secondary instance that need to be synchronized into the primary platform's federated store.
    legacyGetFederatedCase GET /v1alpha/{name}
    Gets a single federated case by its resource name.
    legacyListFederatedCases POST /v1alpha/{parent}/legacyFederatedCases:legacyListFederatedCases
    Lists all cases available in the federated store across all synchronized platforms.

    REST Resource: v1alpha.projects.locations.instances.legacyPlaybooks

    Methods
    LegacyPlaybookApplyApprovalLink POST /v1alpha/{instance}/legacyPlaybooks:legacyApplyApprovalLink
    Processes an analyst's decision from a manual approval link.
    download GET /v1alpha/{instance}/legacyPlaybooks:legacyExportDefinitions
    Exports one or more playbook definitions as a ZIP file.
    exportWorkflowWithBlocksByIdentifier POST /v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
    POST /upload/v1alpha/{instance}/legacyPlaybooks:legacyImportDefinitions
    Imports multiple playbook definitions from a ZIP file into the current instance.
    legacyActionWidgetTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyActionWidgetTemplate
    Returns the action widget template for a given action identifier.
    legacyAddOrUpdatePlaybookCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyAddOrUpdatePlaybookCategory
    Adds a new playbook category or updates the metadata of an existing one.
    legacyAiGenerate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerate
    Generates a new playbook definition using Gemini AI based on a natural language user prompt.
    legacyAiGenerateByAlert POST /v1alpha/{instance}/legacyPlaybooks:legacyAiGenerateByAlert
    Generates a tailored playbook definition designed to respond to a specific security alert.
    legacyAiUpdate POST /v1alpha/{instance}/legacyPlaybooks:legacyAiUpdate
    Refines an existing playbook definition using Gemini AI based on a natural language prompt.
    legacyAttachNestedWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachNestedWorkflowToCase
    Manually triggers a specific playbook block (nested workflow) for a given alert.
    legacyAttachWorkflowToCase POST /v1alpha/{instance}/legacyPlaybooks:legacyAttachWorkflowToCase
    Manually initiates a specific playbook for a given alert.
    legacyCheckWorkflowNameInDifferentEnvironments POST /v1alpha/{instance}/legacyPlaybooks:legacyCheckWorkflowNameInDifferentEnvironments
    Checks if the specified playbook name is already in use within any environment.
    legacyCloneWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyCloneWorkflow
    Creates an exact copy of a playbook definition.
    legacyCreateFeedback POST /v1alpha/{instance}/legacyPlaybooks:legacyCreateFeedback
    Records user feedback (e.g., ratings and comments) for an AI-generated playbook.
    legacyDeleteWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflow
    Permanently removes a single playbook definition.
    legacyDeleteWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDeleteWorkflows
    Deletes multiple playbook definitions in a single operation.
    legacyDuplicateNestedWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateNestedWorkflows
    Creates duplicates of multiple blocks in a single operation.
    legacyDuplicateWorkflow POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflow
    Creates a duplicate of a playbook definition.
    legacyDuplicateWorkflows POST /v1alpha/{instance}/legacyPlaybooks:legacyDuplicateWorkflows
    Creates duplicates of multiple playbook definitions in a single operation.
    legacyExecuteManualStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteManualStep
    Executes a manual task within a playbook instance.
    legacyExecuteStep POST /v1alpha/{instance}/legacyPlaybooks:legacyExecuteStep
    Executes a single, specific step from a playbook definition.
    legacyFetchActionResultsForSimulation POST /v1alpha/{instance}/legacyPlaybooks:legacyFetchActionResultsForSimulation
    Returns the detailed outputs from a playbook simulation run.
    legacyGetActionResultsOfWFId GET /v1alpha/{instance}/legacyPlaybooks:legacyGetActionResultsOfWFId
    Returns the execution outputs and status for all steps within a specific playbook instance.
    legacyGetAiGenerationStatusByAlert POST /v1alpha/{instance}/legacyPlaybooks:legacyGetAiGenerationStatusByAlert
    Retrieves the status of a playbook generation process initiated for a security alert.
    legacyGetCaseEntities GET /v1alpha/{instance}/legacyPlaybooks:legacyGetCaseEntities
    Returns all security entities (e.g., hosts, users, files) associated with a specific case.
    legacyGetContextGroupByKey GET /v1alpha/{instance}/legacyPlaybooks:legacyGetContextGroupByKey
    Returns the context group associated with a specific key.
    legacyGetDebugStepCaseData POST /v1alpha/{instance}/legacyPlaybooks:legacyGetDebugStepCaseData
    Returns the simulated case data context for a specific playbook step.
    legacyGetEnabledWFCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFCards
    Returns a list of all playbooks that are currently enabled and ready for execution.
    legacyGetEnabledWFNames GET /v1alpha/{instance}/legacyPlaybooks:legacyGetEnabledWFNames
    Returns the display names of all playbooks that are currently enabled in the instance.
    legacyGetHtmlViewPresets GET /v1alpha/{instance}/legacyPlaybooks:legacyGetHtmlViewPresets
    Returns the list of predefined HTML view presets.
    legacyGetNestedPlaybookParams GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybookParams
    Returns the input parameter definitions for a specified modular playbook block.
    legacyGetNestedPlaybooksAsSteps GET /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksAsSteps
    Returns all blocks available for use as nested steps in a playbook.
    legacyGetNestedPlaybooksByEnvironmentsAsSteps POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedPlaybooksByEnvironmentsAsSteps
    Returns all blocks available for use as nested steps in a playbook filtered by environments.
    legacyGetNestedWorkflowDefaultInputs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetNestedWorkflowDefaultInputs
    Returns the most recently used or default input values for a specified playbook block.
    legacyGetOverviewTemplate GET /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplate
    Returns a specific overview template by its identifier.
    legacyGetOverviewTemplates POST /v1alpha/{instance}/legacyPlaybooks:legacyGetOverviewTemplates
    Returns the set of overview templates associated with specific playbooks.
    legacyGetPendingStep POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStep
    Returns a specific pending playbook step by its associated alert identifier.
    legacyGetPendingStepsCountForUser GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsCountForUser
    Returns the total number of pending playbook steps pending to the assigned user.
    legacyGetPendingStepsUserRelated GET /v1alpha/{instance}/legacyPlaybooks:legacyGetPendingStepsUserRelated
    Returns all pending playbook steps (e.g., manual approvals or user inputs) that are assigned to or relevant for the assigned user.
    legacyGetPlaybookSimulationEnrichment POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookSimulationEnrichment
    Returns the enrichment data results from a playbook simulation.
    legacyGetPlaybookStatsMap POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybookStatsMap
    Returns operational metrics for playbooks, including execution counts and performance distributions.
    legacyGetPlaybooksUsingBlocks POST /v1alpha/{instance}/legacyPlaybooks:legacyGetPlaybooksUsingBlocks
    Identifies and returns all playbooks that reference the specified block.
    legacyGetTriggerTags POST /v1alpha/{instance}/legacyPlaybooks:legacyGetTriggerTags
    Returns the set of tags configured as triggers for playbooks.
    legacyGetWorkFlowVersionLogs POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkFlowVersionLogs
    Returns the complete history of saved versions for a specific playbook definition.
    legacyGetWorkflowCategories GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowCategories
    Returns all playbook categories currently defined in the instance.
    legacyGetWorkflowFullInfoByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoByIdentifier
    Returns the full configuration of a playbook, including its steps and connectivity logic, for a specific playbook identifier.
    legacyGetWorkflowFullInfoWithEnvFilterByIdentifier GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowFullInfoWithEnvFilterByIdentifier
    Returns the full playbook definition for an identifier, filtering its configuration based on the user's accessible environments.
    legacyGetWorkflowInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstance
    Returns the specific runtime instance (either completed or pending) of a playbook associated with a given alert.
    legacyGetWorkflowInstanceSummary POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstanceSummary
    Returns a high-level summary of an executed playbook instance.
    legacyGetWorkflowInstancesCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowInstancesCards
    Returns the menu cards for all playbook instances associated with a specific case and alert combination.
    legacyGetWorkflowMenuCard GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCard
    Returns a single playbook definition for the specified identifier.
    legacyGetWorkflowMenuCardWithEnvFilter GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardWithEnvFilter
    Returns a playbook definition for the identifier, with metadata adjusted according to the user's environment permissions.
    legacyGetWorkflowMenuCards POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCards
    Returns a list of playbook definitions, filtered by the requested playbook types.
    legacyGetWorkflowMenuCardsWithEnvFilter POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowMenuCardsWithEnvFilter
    Returns a list of available playbook definitions, specifically filtered by the environments the user has permission to access.
    legacyGetWorkflowStepInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowStepInstance
    Returns the detailed execution metadata for a single specific step within a playbook instance.
    legacyGetWorkflowsContainsActionAsync GET /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsContainsActionAsync
    Returns a list of all playbooks that include the specified action.
    legacyGetWorkflowsInvolvingAction POST /v1alpha/{instance}/legacyPlaybooks:legacyGetWorkflowsInvolvingAction
    Returns all playbooks that include one or more of the specified actions.
    legacyMoveDefinitionsToCategory POST /v1alpha/{instance}/legacyPlaybooks:legacyMoveDefinitionsToCategory
    Reassigns one or more playbook definitions to a specified category.
    legacyPermissions DELETE /v1alpha/{instance}/legacyPlaybooks:legacyPermissions
    Removes all access permissions for the given workflow.
    legacyPermissionsOptions POST /v1alpha/{instance}/legacyPlaybooks:legacyPermissionsOptions
    Returns playbook access permission options.
    legacyRemoveCategories POST /v1alpha/{instance}/legacyPlaybooks:legacyRemoveCategories
    Removes multiple playbook categories in a single operation.
    legacyRerunBlock POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunBlock
    Re-executes a specific playbook block on a given alert.
    legacyRerunPlaybook POST /v1alpha/{instance}/legacyPlaybooks:legacyRerunPlaybook
    Re-executes the associated playbook on a specific alert.
    legacyRestoreWorkflowDefinition POST /v1alpha/{instance}/legacyPlaybooks:legacyRestoreWorkflowDefinition
    Reverts a playbook's active configuration to a previously saved version.
    legacyRunPlaybookInDebug POST /v1alpha/{instance}/legacyPlaybooks:legacyRunPlaybookInDebug
    Executes a playbook in a simulation environment using provided test data.
    legacySaveLogVersionOfWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveLogVersionOfWorkflowDefinitions
    Creates a historical record (version snapshot) of the current playbook definition.
    legacySaveWorkflowDefinitions POST /v1alpha/{instance}/legacyPlaybooks:legacySaveWorkflowDefinitions
    Saves the configuration and step sequence of a playbook.
    legacySkip POST /v1alpha/{instance}/legacyPlaybooks:legacySkip
    Bypasses a pending manual task within a playbook instance.
    legacyTerminateWorkflowInstance POST /v1alpha/{instance}/legacyPlaybooks:legacyTerminateWorkflowInstance
    Immediately stops the execution of an in-progress playbook instance.
    legacyTestPipeExample POST /v1alpha/{instance}/legacyPlaybooks:legacyTestPipeExample
    Verifies the logical evaluation of a transformer using example input data.
    legacyUpdateDefinitionsPriority POST /v1alpha/{instance}/legacyPlaybooks:legacyUpdateDefinitionsPriority
    Adjusts the operational priority of one or more playbook definitions.

    REST Resource: v1alpha.projects.locations.instances.legacyPublisher

    Methods
    legacyAddConnectorPackage POST /v1alpha/{instance}/legacyPublisher:legacyAddConnectorPackage
    Uploads ingestion data from a remote agent to the Publisher.
    legacyCloudLog POST /v1alpha/{instance}/legacyPublisher:legacyCloudLog
    Sends operational logs from a remote agent to the SecOps instance for centralized auditing and troubleshooting.
    legacyCreateConnectorPackage POST /v1alpha/{instance}/legacyPublisher:legacyCreateConnectorPackage
    POST /upload/v1alpha/{instance}/legacyPublisher:legacyCreateConnectorPackage
    Uploads ingestion data from a remote agent to the Publisher.
    legacyDeleteIntegration POST /v1alpha/{instance}/legacyPublisher:legacyDeleteIntegration
    Signals a remote agent to remove a specific integration and all its associated configuration.
    legacyGetDependencyFile GET /v1alpha/{instance}/legacyPublisher:legacyGetDependencyFile
    Retrieves a specific Python dependency or shared library required for executing an integration on a remote agent.
    legacyGetHasLocallyScheduledRemoteConnectors GET /v1alpha/{instance}/legacyPublisher:legacyGetHasLocallyScheduledRemoteConnectors
    Checks if a specific integration has any connectors that are configured to be scheduled and executed locally on the remote agent.
    legacyGetInstaller GET /v1alpha/{instance}/legacyPublisher:legacyGetInstaller
    Returns the binary installer file for the remote agent software.
    legacyGetIntegrationDependencies GET /v1alpha/{instance}/legacyPublisher:legacyGetIntegrationDependencies
    Retrieves the full set of functional dependencies required for a specific integration to operate correctly on a remote agent.
    legacyGetLatestIntegrationVersion GET /v1alpha/{instance}/legacyPublisher:legacyGetLatestIntegrationVersion
    Retrieves information about the latest available version of a specific integration.
    legacyGetTaskData GET /v1alpha/{instance}/legacyPublisher:legacyGetTaskData
    Retrieves the configuration or operational data required by a remote agent to perform a specific task.
    legacyKeepAlive POST /v1alpha/{instance}/legacyPublisher:legacyKeepAlive
    Sends a heartbeat message from a remote agent to the SecOps instance.
    legacyListTasks GET /v1alpha/{instance}/legacyPublisher:legacyListTasks
    Lists the set of pending tasks (e.g., action executions, integration updates) assigned to a specific remote agent.
    legacyPing GET /v1alpha/{instance}/legacyPublisher:legacyPing
    Performs a simple diagnostic check to verify the availability and responsiveness of a remote agent.
    legacySetUpgradeInProgress POST /v1alpha/{instance}/legacyPublisher:legacySetUpgradeInProgress
    Sets a flag indicating that a remote agent is currently undergoing a software upgrade.
    legacyUpdateIntegrationStatus POST /v1alpha/{instance}/legacyPublisher:legacyUpdateIntegrationStatus
    Updates the installation status of a specific integration on a remote agent.
    legacyUpdateTask POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTask
    Updates the execution status and results of an assigned task on a remote agent.
    legacyUpdateTaskResult POST /v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
    POST /upload/v1alpha/{instance}/legacyPublisher:legacyUpdateTaskResult
    Updates the final result or output data for a completed remote task to the SecOps instance.

    REST Resource: v1alpha.projects.locations.instances.legacySdk

    Methods
    legacyAddAgentConnectorLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentConnectorLogs
    Uploads execution logs for a specific connector running on a remote agent.
    legacyAddAgentLogs POST /v1alpha/{instance}/legacySdk:legacyAddAgentLogs
    Uploads operational logs for a remote agent to the primary SecOps instance.
    legacyAddAttachment POST /v1alpha/{instance}/legacySdk:legacyAddAttachment
    Adds a new attachment to a specific case.
    legacyAddComment POST /v1alpha/{instance}/legacySdk:legacyAddComment
    Adds a comment to a case wall.
    legacyAddEntitiesToCustomList POST /v1alpha/{instance}/legacySdk:legacyAddEntitiesToCustomList
    Adds one or more entities to a specific custom list.
    legacyAddOrUpdateCaseTask POST /v1alpha/{instance}/legacySdk:legacyAddOrUpdateCaseTask
    Creates a new task or updates an existing one within a case.
    legacyAddTag POST /v1alpha/{instance}/legacySdk:legacyAddTag
    Adds a tag to a case.
    legacyAlertFullDetails POST /v1alpha/{instance}/legacySdk:legacyAlertFullDetails
    Returns the complete details for a specific alert, including all associated raw event data and its current suspicion status.
    legacyAlertSourceFile GET /v1alpha/{instance}/legacySdk:legacyAlertSourceFile
    Returns the raw source file content for a specific alert, if available from the original ingestion source.
    legacyAlertsFullDetails GET /v1alpha/{instance}/legacySdk:legacyAlertsFullDetails
    Returns the complete details for all alerts associated with a specific case.
    legacyAlertsTicketIdsByCaseId GET /v1alpha/{instance}/legacySdk:legacyAlertsTicketIdsByCaseId
    Returns all alert ticket identifiers associated with a specific case.
    legacyAnyEntityInCustomList POST /v1alpha/{instance}/legacySdk:legacyAnyEntityInCustomList
    Checks if any of the provided entities are currently present in a specific custom list.
    legacyAssignUser POST /v1alpha/{instance}/legacySdk:legacyAssignUser
    Assigns a case to a specific user.
    legacyAttacheWorkflowToCase POST /v1alpha/{instance}/legacySdk:legacyAttacheWorkflowToCase
    Manually initiates a specific response workflow (playbook) for a given security case.
    legacyAttachmentData GET /v1alpha/{instance}/legacySdk:legacyAttachmentData
    Returns the binary content of a specific attachment.
    legacyAttachments GET /v1alpha/{instance}/legacySdk:legacyAttachments
    Returns metadata for all attachments associated with a specific case.
    legacyCaseFullDetails GET /v1alpha/{instance}/legacySdk:legacyCaseFullDetails
    Returns the complete details for a specific case, including its constituent alerts, security entities, and execution history.
    legacyCaseMetadata GET /v1alpha/{instance}/legacySdk:legacyCaseMetadata
    Returns high-level metadata for a specific case, such as its title, priority level, and current status.
    legacyChangeCaseStage POST /v1alpha/{instance}/legacySdk:legacyChangeCaseStage
    Transitions a case to a different investigation stage (e.g., from Triage to Investigation).
    legacyChangePriority POST /v1alpha/{instance}/legacySdk:legacyChangePriority
    Updates the priority level of a specific case.
    legacyCloseAlert POST /v1alpha/{instance}/legacySdk:legacyCloseAlert
    Closes a specific alert within a case.
    legacyCloseCase POST /v1alpha/{instance}/legacySdk:legacyCloseCase
    Closes a specific case and all its constituent alerts.
    legacyCreateCase POST /v1alpha/{instance}/legacySdk:legacyCreateCase
    Creates a new investigation case.
    legacyCreateCaseInsight POST /v1alpha/{instance}/legacySdk:legacyCreateCaseInsight
    Creates a new insight (highlighted observation) for a case.
    legacyCreateConnectorPackage POST /v1alpha/{instance}/legacySdk:legacyCreateConnectorPackage
    Initiates the creation of a connector package for a specific integration.
    legacyCreateEntity POST /v1alpha/{instance}/legacySdk:legacyCreateEntity
    Manually adds a new entity to an alert in a case.
    legacyGetAgentById GET /v1alpha/{instance}/legacySdk:legacyGetAgentById
    Returns the technical configuration and operational health status for a specific remote agent.
    legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp POST /v1alpha/{instance}/legacySdk:legacyGetAlertsTicketIdsFromCasesClosedSinceTimestamp
    Returns the alert ticket identifiers associated with cases that were closed after the specified timestamp.
    legacyGetAlertsToSync POST /v1alpha/{instance}/legacySdk:legacyGetAlertsToSync
    Returns a list of alerts that are currently pending technical synchronization between SecOps and an external system (e.g., Chronicle SIEM).
    legacyGetCaseClosureDetails POST /v1alpha/{instance}/legacySdk:legacyGetCaseClosureDetails
    Returns the resolution details and closure metadata for a list of specified cases.
    legacyGetCaseComments GET /v1alpha/{instance}/legacySdk:legacyGetCaseComments
    Returns all comments and wall activities associated with a specific case.
    legacyGetCaseTasks GET /v1alpha/{instance}/legacySdk:legacyGetCaseTasks
    Returns all technical analyst requirements (tasks) associated with a specific case.
    legacyGetCasesByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesByFilter
    Returns a list of case identifiers matching the provided legacy filter criteria.
    legacyGetCasesByRequest POST /v1alpha/{instance}/legacySdk:legacyGetCasesByRequest
    Returns cases matching the provided criteria.
    legacyGetCasesIdByFilter POST /v1alpha/{instance}/legacySdk:legacyGetCasesIdByFilter
    Returns a list of technical case identifiers matching the provided legacy filter criteria.
    legacyGetConnectorParameters GET /v1alpha/{instance}/legacySdk:legacyGetConnectorParameters
    Returns the current technical configuration parameters for a specific connector instance.
    legacyGetContextProperty POST /v1alpha/{instance}/legacySdk:legacyGetContextProperty
    Returns the technical metadata value associated with a specific key from a given investigative context.
    legacyGetCurrentSiemplifyVersion GET /v1alpha/{instance}/legacySdk:legacyGetCurrentSiemplifyVersion
    Returns the technical version identifier for the active SecOps platform instance.
    legacyGetCustomListCategories GET /v1alpha/{instance}/legacySdk:legacyGetCustomListCategories
    Returns the technical categories used to organize and manage custom watchlists and allowlists.
    legacyGetFailedActions GET /v1alpha/{instance}/legacySdk:legacyGetFailedActions
    Returns technical details for playbook actions that have failed within a specified timeframe.
    legacyGetFailedConnectors POST /v1alpha/{instance}/legacySdk:legacyGetFailedConnectors
    Returns technical metadata for ingestion connectors that have experienced malfunctions or stopped processing data.
    legacyGetFailedETLOperations GET /v1alpha/{instance}/legacySdk:legacyGetFailedETLOperations
    Returns a list of technical ETL (Extract, Transform, Load) operations that have failed during background processing.
    legacyGetFailedJobs GET /v1alpha/{instance}/legacySdk:legacyGetFailedJobs
    Returns technical metadata for background system jobs that have failed to complete successfully.
    legacyGetIntegrationVersion GET /v1alpha/{instance}/legacySdk:legacyGetIntegrationVersion
    Returns the technical version identifier for a specific installed integration.
    legacyGetProxySettings GET /v1alpha/{instance}/legacySdk:legacyGetProxySettings
    Returns the technical network configuration (proxy settings) used by the platform for external investigative communication.
    legacyGetPublisherById GET /v1alpha/{instance}/legacySdk:legacyGetPublisherById
    Returns technical metadata for a specific remote agent publisher by its identifier.
    legacyGetRemoteConnectorsKeysMap GET /v1alpha/{instance}/legacySdk:legacyGetRemoteConnectorsKeysMap
    Returns the technical mapping keys for remote connectors associated with a specified publisher.
    legacyGetSimilarCasesIds POST /v1alpha/{instance}/legacySdk:legacyGetSimilarCasesIds
    Returns a list of case identifiers for cases that are determined to be similar to the provided criteria.
    legacyGetSyncAlerts POST /v1alpha/{instance}/legacySdk:legacyGetSyncAlerts
    Returns comprehensive technical metadata for a set of alerts (detection events) matching synchronization criteria.
    legacyGetSyncCases POST /v1alpha/{instance}/legacySdk:legacyGetSyncCases
    Returns comprehensive investigative data for a set of cases matching technical synchronization criteria.
    legacyGetUpdatedSyncAlertsMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncAlertsMetadata
    Returns technical metadata for alerts whose tracked fields have been updated within a specified timeframe.
    legacyGetUpdatedSyncCasesMetadata POST /v1alpha/{instance}/legacySdk:legacyGetUpdatedSyncCasesMetadata
    Returns technical metadata for cases whose tracked fields have been updated.
    legacyGetUserFullName GET /v1alpha/{instance}/legacySdk:legacyGetUserFullName
    Returns the display name (full name) for a specified SecOps user.
    legacyIntegrationConfiguration GET /v1alpha/{instance}/legacySdk:legacyIntegrationConfiguration
    Returns the technical configuration settings for a specific installed integration.
    legacyMarkAsImportant POST /v1alpha/{instance}/legacySdk:legacyMarkAsImportant
    Marks a case as important (flagged).
    legacyRaiseIncident POST /v1alpha/{instance}/legacySdk:legacyRaiseIncident
    Escalates a specific investigation case to a formal incident.
    legacyRemoveEntitiesFromCustomList POST /v1alpha/{instance}/legacySdk:legacyRemoveEntitiesFromCustomList
    Removes one or more technical entities from a specific custom list.
    legacySendEmailWithAttachment POST /v1alpha/{instance}/legacySdk:legacySendEmailWithAttachment
    Shares one or more technical investigative artifacts (attachments) via email to specified recipients.
    legacySendSystemNotification POST /v1alpha/{instance}/legacySdk:legacySendSystemNotification
    Broadcasts a technical system notification to specified SecOps users.
    legacySetAlertSla POST /v1alpha/{instance}/legacySdk:legacySetAlertSla
    Configures the technical Service Level Agreement (SLA) target for a specific alert.
    legacySetCaseSla POST /v1alpha/{instance}/legacySdk:legacySetCaseSla
    Configures the technical Service Level Agreement (SLA) target for an entire investigation case.
    legacySetContextProperty POST /v1alpha/{instance}/legacySdk:legacySetContextProperty
    Configures a technical metadata value for a specific key within an investigative context.
    legacySystemInfo GET /v1alpha/{instance}/legacySdk:legacySystemInfo
    Returns comprehensive technical information about the current state, configuration, and health of the SecOps platform instance.
    legacyTrySetContextProperty POST /v1alpha/{instance}/legacySdk:legacyTrySetContextProperty
    Attempts to set a technical metadata value for a specific key within an investigative context, returning success or failure based on the operation's outcome.
    legacyUnraiseIncident POST /v1alpha/{instance}/legacySdk:legacyUnraiseIncident
    Reverts a formal incident back to a standard technical investigation case.
    legacyUpdateAlertPriority POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertPriority
    Updates the priority level of a specific alert.
    legacyUpdateAlertsAdditional POST /v1alpha/{instance}/legacySdk:legacyUpdateAlertsAdditional
    Updates the additional data fields associated with a specific alert.
    legacyUpdateBatchCasesExternalCaseIds POST /v1alpha/{instance}/legacySdk:legacyUpdateBatchCasesExternalCaseIds
    Performs a technical bulk update of internal case identifiers with their corresponding external ticketing system identifiers.
    legacyUpdateCaseScore PATCH /v1alpha/{instance}/legacySdk:legacyUpdateCaseScore
    Updates the technical risk score for a specific investigation case.
    legacyUpdateConfigurationProperty PUT /v1alpha/{instance}/legacySdk:legacyUpdateConfigurationProperty
    Updates a configuration property for a specific integration.
    legacyUpdateConnectorParameter PUT /v1alpha/{instance}/legacySdk:legacyUpdateConnectorParameter
    Updates a dynamic parameter for a specific connector instance.
    legacyUpdateEntities POST /v1alpha/{instance}/legacySdk:legacyUpdateEntities
    Updates the technical metadata for one or more security entities.
    legacyUpdateNewAlertsSyncStatus POST /v1alpha/{instance}/legacySdk:legacyUpdateNewAlertsSyncStatus
    Updates the technical synchronization status for a set of new alerts.

    REST Resource: v1alpha.projects.locations.instances.legacySearches

    Methods
    download GET /v1alpha/{name}/legacySearches:legacyGetSearchResultsAsCsv
    LegacyGetSearchResultsAsCsv to get search results as csv.
    legacyCaseSearchEverything POST /v1alpha/{instance}/legacySearches:legacyCaseSearchEverything
    LegacyCaseSearchEverything to get search results for cases.
    legacyCaseSearchEverythingByIds POST /v1alpha/{instance}/legacySearches:legacyCaseSearchEverythingByIds
    LegacyCaseSearchEverythingByIds to get search results for cases by ids.
    legacyEntitySearchCount POST /v1alpha/{instance}/legacySearches:legacyEntitySearchCount
    LegacyEntitySearchCount to get entities count.
    legacyEntitySearchEntities POST /v1alpha/{instance}/legacySearches:legacyEntitySearchEntities
    LegacyEntitySearchEntities to get entities.
    legacyEntitySearchEverything POST /v1alpha/{instance}/legacySearches:legacyEntitySearchEverything
    LegacyEntitySearchEverything to get search results for entities.
    legacyGetCasesFilterUserAndRoles POST /v1alpha/{instance}/legacySearches:legacyGetCasesFilterUserAndRoles
    LegacyGetCasesFilterUserAndRoles to get cases filter user and roles.
    legacyGetCasesFilterValues POST /v1alpha/{instance}/legacySearches:legacyGetCasesFilterValues
    LegacyGetCasesFilterValues to get cases filter values.
    legacyGetEntitiesFilterValues POST /v1alpha/{instance}/legacySearches:legacyGetEntitiesFilterValues
    LegacyGetEntitiesFilterValues to get entities filter values.

    REST Resource: v1alpha.projects.locations.instances.legacySoarAudit

    Methods
    legacyExportAuditLastWeekAsCsvV2 POST /v1alpha/{instance}/legacySoarAudit:legacyExportAuditLastWeekAsCsvV2
    Exports the audit logs for the last week as a CSV file for download.
    legacyGetAuditDataV2 POST /v1alpha/{instance}/legacySoarAudit:legacyGetAuditDataV2
    Retrieves a paginated list of audit logs and statistical data from SecOps.

    REST Resource: v1alpha.projects.locations.instances.legacySoarDashboard

    Methods
    legacyAddOrUpdateDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboard
    Adds a new dashboard or updates an existing one (determined by dashboard identifier).
    legacyAddOrUpdateDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyAddOrUpdateDashboardWidget
    Adds a new dashboard widget or updates an existing one (determined by widget identifier).
    legacyDeleteDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboard
    Deletes a dashboard and all its associated widgets.
    legacyDeleteDashboardWidget POST /v1alpha/{instance}/legacySoarDashboard:legacyDeleteDashboardWidget
    Deletes a specific dashboard widget.
    legacyGetCasesTimeToRespond GET /v1alpha/{instance}/legacySoarDashboard:legacyGetCasesTimeToRespond
    Returns the average time taken to respond to cases within a specific dashboard, filtered by the provided time range.
    legacyGetDashboard POST /v1alpha/{name}/legacySoarDashboard:legacyGetDashboard
    Returns a detailed data model of a dashboard identified by its ID, including its configuration, allowed environments, and all contained widgets.
    legacyGetDashboardCards GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCards
    Returns a mapping of dashboard IDs to their names for all dashboards accessible by the requesting user.
    legacyGetDashboardCustomWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardCustomWidgetCaseIds
    Returns a list of case IDs associated with a custom widget.
    legacyGetDashboardPlaybookRuns POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybookRuns
    Returns a list of recent playbook runs associated with a specific dashboard widget.
    legacyGetDashboardPlaybooks GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardPlaybooks
    Returns a list of playbooks that have available data for dashboard reporting.
    legacyGetDashboardWidgetCaseIds POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetCaseIds
    Returns a list of case IDs involved in the widgets presented in the dashboard.
    legacyGetDashboardWidgetDefinitions GET /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetDefinitions
    Returns all available widget definitions that can be used to construct a dashboard.
    legacyGetDashboardWidgetValues POST /v1alpha/{instance}/legacySoarDashboard:legacyGetDashboardWidgetValues
    Returns the calculated data series and values for a specific dashboard widget.
    legacyGetOpenedAndClosedCasesTrends GET /v1alpha/{instance}/legacySoarDashboard:legacyGetOpenedAndClosedCasesTrends
    Returns the historical trends of opened versus closed cases over a specified time period.
    legacyGetPlaybookMonitoring POST /v1alpha/{instance}/legacySoarDashboard:legacyGetPlaybookMonitoring
    Returns a monitoring-focused dashboard view for a specific playbook.
    legacyImportDashboard POST /v1alpha/{instance}/legacySoarDashboard:legacyImportDashboard
    Imports a dashboard configuration from a JSON file.
    legacySaveDashboardAsReportTemplate POST /v1alpha/{instance}/legacySoarDashboard:legacySaveDashboardAsReportTemplate
    Saves the current dashboard configuration as a report template.

    REST Resource: v1alpha.projects.locations.instances.legacySoarIdpMappingGroups

    Methods
    batchUpdate POST /v1alpha/{parent}/legacySoarIdpMappingGroups:batchUpdate
    Updates multiple IDP mapping groups in a single batch operation, allowing for efficient management of large numbers of mappings.
    create POST /v1alpha/{parent}/legacySoarIdpMappingGroups
    Creates a new IDP mapping group to define how users from an external identity provider should be provisioned and restricted within the SecOps platform.
    delete DELETE /v1alpha/{name}
    Deletes an IDP mapping group, removing the mapping between the external IdP group and SecOps resources.
    get GET /v1alpha/{name}
    Retrieves a detailed configuration of a specific IDP mapping group identified by its resource name.
    getExternalProviders GET /v1alpha/{name}/legacySoarIdpMappingGroups:getExternalProviders
    Retrieves the external identity providers configured for the system.
    list GET /v1alpha/{parent}/legacySoarIdpMappingGroups
    Returns a paginated list of all IDP mapping groups within a specific SecOps instance.
    patch PATCH /v1alpha/{legacySoarIdpMappingGroup.name}
    Updates an existing IDP mapping group.
    updateDefaultAccessSettings POST /v1alpha/{name}/legacySoarIdpMappingGroups:updateDefaultAccessSettings
    Updates the default access settings for an external identity provider.

    REST Resource: v1alpha.projects.locations.instances.legacySoarPermissionGroups

    Methods
    list GET /v1alpha/{parent}/legacySoarPermissionGroups
    Lists LegacySoarPermissionGroups.

    REST Resource: v1alpha.projects.locations.instances.legacySoarReports

    Methods
    download GET /v1alpha/{name}/legacySoarReports:legacyGenerateReportTemplate
    LegacyGenerateReportTemplate to generate a report template.
    legacyAddOrUpdateReportSchedule POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportSchedule
    LegacyAddOrUpdateReportSchedule to add or update a report schedule.
    legacyAddOrUpdateReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportTemplate
    LegacyAddOrUpdateReportTemplate to add or update a report template.
    legacyAddOrUpdateReportWidget POST /v1alpha/{instance}/legacySoarReports:legacyAddOrUpdateReportWidget
    LegacyAddOrUpdateReportWidget to add or update a report widget.
    legacyDeleteReportSchedule GET /v1alpha/{instance}/legacySoarReports:legacyDeleteReportSchedule
    LegacyDeleteReportSchedule to delete a report schedule.
    legacyDuplicateReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyDuplicateReportTemplate
    LegacyDuplicateReportTemplate to duplicate a report template.
    legacyGetAdvancedReports GET /v1alpha/{instance}/legacySoarReports:legacyGetAdvancedReports
    LegacyGetAdvancedReports to get advanced reports.
    legacyGetReportSchedules POST /v1alpha/{instance}/legacySoarReports:legacyGetReportSchedules
    LegacyGetReportSchedules to get report schedules.
    legacyGetReportTemplates GET /v1alpha/{instance}/legacySoarReports:legacyGetReportTemplates
    LegacyGetReportTemplates to get report templates.
    legacyImportReportTemplate POST /v1alpha/{instance}/legacySoarReports:legacyImportReportTemplate
    LegacyImportReportTemplate to import report templates.
    legacyRefreshAdvancedReports GET /v1alpha/{instance}/legacySoarReports:legacyRefreshAdvancedReports
    LegacyRefreshAdvancedReports to refresh advanced reports.
    legacyRemoveReportTemplate GET /v1alpha/{instance}/legacySoarReports:legacyRemoveReportTemplate
    LegacyRemoveReportTemplate to remove report templates.
    legacyRemoveReportWidget GET /v1alpha/{instance}/legacySoarReports:legacyRemoveReportWidget
    LegacyRemoveReportWidget to remove report templates.
    legacyShareAdvancedReport POST /v1alpha/{instance}/legacySoarReports:legacyShareAdvancedReport
    LegacyShareAdvancedReport to share advanced reports.
    legacyUploadAdvancedReport POST /v1alpha/{instance}/legacySoarReports:legacyUploadAdvancedReport
    LegacyUploadAdvancedReport to upload advanced reports.

    REST Resource: v1alpha.projects.locations.instances.legacySoarSettings

    Methods
    legacyAddVisualSummaryRecords POST /v1alpha/{instance}/legacySoarSettings:legacyAddVisualSummaryRecords
    AddVisualSummaryRecords adds visual summary records to the environment.
    legacyGetAllPlaybookActionDefinitions GET /v1alpha/{instance}/legacySoarSettings:legacyGetAllPlaybookActionDefinitions
    LegacyGetAllPlaybookActionDefinitions returns all playbook action definitions.
    legacyGetCaseAlertPlaybookTriggerFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertPlaybookTriggerFilterValues
    LegacyGetCaseAlertPlaybookTriggerFilterValues returns the case alert playbook trigger filter values.
    legacyGetCaseAlertTypeFilterValues GET /v1alpha/{instance}/legacySoarSettings:legacyGetCaseAlertTypeFilterValues
    LegacyGetCaseAlertTypeFilterValues returns the case alert type filter values.
    legacyGetCustomActionDetailsById GET /v1alpha/{instance}/legacySoarSettings:legacyGetCustomActionDetailsById
    LegacyGetCustomActionDetailsById returns the custom action details by id.
    legacyGetDataSourcesForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetDataSourcesForGroupingRule
    LegacyGetDataSourcesForGroupingRule returns the data sources for grouping rule.
    legacyGetEnvironmentActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentActionDefinitions
    LegacyGetEnvironmentActionDefinitions returns the environment action definitions.
    legacyGetEnvironmentStatistics POST /v1alpha/{instance}/legacySoarSettings:legacyGetEnvironmentStatistics
    LegacyGetEnvironmentStatistics returns the environment statistics.
    legacyGetPlaybookActionDefinitions POST /v1alpha/{instance}/legacySoarSettings:legacyGetPlaybookActionDefinitions
    LegacyGetPlaybookActionDefinitions returns the playbook action definitions.
    legacyGetProductsForGroupingRule POST /v1alpha/{instance}/legacySoarSettings:legacyGetProductsForGroupingRule
    LegacyGetProductsForGroupingRule returns the products for grouping rule.
    legacyGetSystemEventEntityTypes GET /v1alpha/{instance}/legacySoarSettings:legacyGetSystemEventEntityTypes
    LegacyGetSystemEventEntityTypes returns the system event entity types.
    legacyGetTimeZones GET /v1alpha/{instance}/legacySoarSettings:legacyGetTimeZones
    LegacyGetTimeZones returns the time zones.
    legacyGetUserRegistrationSettings GET /v1alpha/{instance}/legacySoarSettings:legacyGetUserRegistrationSettings
    LegacyGetUserRegistrationSettings returns the user registration settings.
    legacyGetVisualSummaryRecords GET /v1alpha/{instance}/legacySoarSettings:legacyGetVisualSummaryRecords
    LegacyGetVisualSummaryRecords returns the visual summary records.
    legacyIsPermittedToEnvironment GET /v1alpha/{instance}/legacySoarSettings:legacyIsPermittedToEnvironment
    LegacyIsPermittedToEnvironment checks if the user is permitted to the environment.
    legacyTestEmailSettings POST /v1alpha/{instance}/legacySoarSettings:legacyTestEmailSettings
    LegacyTestEmailSettings tests the email settings.
    legacyUploadCustomActionResultJson POST /v1alpha/{instance}/legacySoarSettings:legacyUploadCustomActionResultJson
    LegacyUploadCustomActionResultJson uploads the custom action result json.

    REST Resource: v1alpha.projects.locations.instances.legacySoarUsers

    Methods
    delete DELETE /v1alpha/{name}
    Delete a LegacySoarUser.
    get GET /v1alpha/{name}
    Get a LegacySoarUser.
    getLocalization GET /v1alpha/{name}
    Gets the localization settings for a specific user.
    getNotificationSettings GET /v1alpha/{name}
    Gets the notification settings for a specific user.
    list GET /v1alpha/{parent}/legacySoarUsers
    Lists LegacySoarUsers.
    updateLocalization PATCH /v1alpha/{userLocalization.name}
    Updates the localization settings for a specific user.
    updateNotificationSettings PATCH /v1alpha/{notificationSettings.name}
    Updates the notification settings for a specific user.

    REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.attachments

    Methods
    delete DELETE /v1alpha/{name}
    Deletes an Attachment.
    download GET /v1alpha/{name}:download
    Exports (downloads) an Attachment's raw content.
    get GET /v1alpha/{name}
    Gets a single Attachment by its resource name.
    list GET /v1alpha/{parent}/attachments
    Lists Attachments belonging to a specific user.
    upload POST /v1alpha/{parent}/attachments:create
    POST /upload/v1alpha/{parent}/attachments:create
    Creates a new Attachment by uploading a file.

    REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.userNotifications

    Methods
    count GET /v1alpha/{parent}/userNotifications:count
    Counts UserNotifications for a given user.
    get GET /v1alpha/{name}
    Get a User UserNotification.
    list GET /v1alpha/{parent}/userNotifications
    Lists User Notifications.
    markAsRead POST /v1alpha/{parent}/userNotifications:markAsRead
    Marks UserNotification as read.

    REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskContacts

    Methods
    create POST /v1alpha/{parent}/workdeskContacts
    Create a WorkdeskContact.
    delete DELETE /v1alpha/{name}
    Delete a WorkdeskContact.
    get GET /v1alpha/{name}
    Get a SOAR WorkdeskContact.
    list GET /v1alpha/{parent}/workdeskContacts
    Lists SOAR workdeskContacts.
    patch PATCH /v1alpha/{workdeskContact.name}
    Update a WorkdeskContact.

    REST Resource: v1alpha.projects.locations.instances.legacySoarUsers.workdeskNotes

    Methods
    create POST /v1alpha/{parent}/workdeskNotes
    Create a WorkdeskNote.
    delete DELETE /v1alpha/{name}
    Delete a WorkdeskNote.
    get GET /v1alpha/{name}
    Get a SOAR WorkdeskNote.
    list GET /v1alpha/{parent}/workdeskNotes
    Lists SOAR WorkdeskNotes.
    patch PATCH /v1alpha/{workdeskNote.name}
    Update a WorkdeskNote.

    REST Resource: v1alpha.projects.locations.instances.legacySystem

    Methods
    legacyGetLicenseStatus GET /v1alpha/{instance}/legacySystem:legacyGetLicenseStatus
    Returns the current status of the SecOps license.
    legacyGetMaximumDataRetentionValue GET /v1alpha/{instance}/legacySystem:legacyGetMaximumDataRetentionValue
    Returns the maximum data retention period allowed by the current license, expressed in months.
    legacyGetSystemVersion GET /v1alpha/{instance}/legacySystem:legacyGetSystemVersion
    Returns the current version of the SecOps platform.

    REST Resource: v1alpha.projects.locations.instances.legacySystemMetadata

    Methods
    placeholders GET /v1alpha/{instance}/legacySystemMetadata:placeholders
    Legacy Get Placeholder Names.

    REST Resource: v1alpha.projects.locations.instances.logProcessingPipelines

    Methods
    associateStreams POST /v1alpha/{name}:associateStreams
    Maps a set of streams to a log processing pipeline.
    create POST /v1alpha/{parent}/logProcessingPipelines
    Create a new LogProcessingPipeline
    delete DELETE /v1alpha/{name}
    Deletes a LogProcessingPipeline configuration.
    dissociateStreams POST /v1alpha/{name}:dissociateStreams
    Unmaps a set of streams from a log processing pipeline.
    fetchAssociatedPipeline GET /v1alpha/{parent}/logProcessingPipelines:fetchAssociatedPipeline
    Fetch LogProcessingPipeline, if any, is associated with a given stream.
    fetchSampleLogsByStreams POST /v1alpha/{parent}/logProcessingPipelines:fetchSampleLogsByStreams
    FetchSampleLogsByStreams previews sample unprocessed logs for a given log processing pipeline.
    get GET /v1alpha/{name}
    Get details of a specific LogProcessingPipeline.
    list GET /v1alpha/{parent}/logProcessingPipelines
    Lists LogProcessingPipeline configurations in a given project, location and SecOps instance.
    patch PATCH /v1alpha/{logProcessingPipeline.name}
    Updates an existing LogProcessingPipeline configuration.
    testPipeline POST /v1alpha/{parent}/logProcessingPipelines:testPipeline
    TestPipeline previews processed logs for a given log processing pipeline for a given input sample logs.

    REST Resource: v1alpha.projects.locations.instances.logTypes

    Methods
    create POST /v1alpha/{parent}/logTypes
    Create LogType.
    generateEventTypesSuggestions POST /v1alpha/{logtype}:generateEventTypesSuggestions
    GenerateEventTypesSuggestions generates event types suggestions that can be mapped by a lowcode parser.
    getLogTypeSetting GET /v1alpha/{name}
    Gets a LogTypeSetting.
    legacySubmitParserExtension POST /v1alpha/{parent}:legacySubmitParserExtension
    LegacySubmitParserExtension creates validates and then makes the extension live.
    list GET /v1alpha/{parent}/logTypes
    Lists all LogTypes.
    runParser POST /v1alpha/{logtype}:runParser
    RunParser runs the parser against a log and returns normalized events or any error that occurred during the normalization.
    updateLogTypeSetting PATCH /v1alpha/{logTypeSetting.name}
    UpdateLogTypeSetting updates the log type setting for a log type.

    REST Resource: v1alpha.projects.locations.instances.logTypes.logTypeSettings

    Methods
    list GET /v1alpha/{parent}/logTypeSettings
    Lists all LogTypeSettings.

    REST Resource: v1alpha.projects.locations.instances.logTypes.logs

    Methods
    import POST /v1alpha/{parent}/logs:import
    Import log telemetry.
    list GET /v1alpha/{parent}/logs
    Lists all Logs.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions

    Methods
    activate POST /v1alpha/{name}:activate
    ActivateParserExtension switches the customer to use requested parser extension, This will set the extension state to ACTIVE.
    create POST /v1alpha/{parent}/parserExtensions
    Create a parser extension.
    delete DELETE /v1alpha/{name}
    Delete a parser extension.
    get GET /v1alpha/{name}
    Get a parser extension.
    list GET /v1alpha/{parent}/parserExtensions
    List all parser extensions.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports

    Methods
    get GET /v1alpha/{name}
    Get a parser vaildation report.
    list GET /v1alpha/{parent}/extensionValidationReports
    List all parser validation reports for a parser extension.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.extensionValidationReports.validationErrors

    Methods
    list GET /v1alpha/{parent}/validationErrors
    List validation errors of a parser extension validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports

    Methods
    get GET /v1alpha/{name}
    Get a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parserExtensions.validationReports.parsingErrors

    Methods
    list GET /v1alpha/{parent}/parsingErrors
    List parsing errors of a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers

    Methods
    activate POST /v1alpha/{name}:activate
    ActivateParser switches the customer to use requested parser, This will set the Parser state to ACTIVE.
    activateReleaseCandidateParser POST /v1alpha/{name}:activateReleaseCandidateParser
    ActivateReleaseCandidateParser makes the release candidate parser live for that customer.
    copy POST /v1alpha/{name}:copy
    CopyPrebuiltParser makes a copy of a prebuilt parser.
    create POST /v1alpha/{parent}/parsers
    Create a parser.
    deactivate POST /v1alpha/{name}:deactivate
    DeactivateParser deactivates the requested parser, and activates the prebuilt release parser.
    delete DELETE /v1alpha/{name}
    Delete a parser.
    fetchParserCandidates GET /v1alpha/{name}/parsers:fetchParserCandidates
    FetchParserCandidates fetches the parser candidates for a given log type.
    get GET /v1alpha/{name}
    Get a parser.
    list GET /v1alpha/{parent}/parsers
    List all parsers.
    patch PATCH /v1alpha/{parser.name}
    Update a parser.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports

    Methods
    get GET /v1alpha/{name}
    Get a validation report.

    REST Resource: v1alpha.projects.locations.instances.logTypes.parsers.validationReports.parsingErrors

    Methods
    list GET /v1alpha/{parent}/parsingErrors
    List parsing errors of a validation report.

    REST Resource: v1alpha.projects.locations.instances.logs

    Methods
    classify POST /v1alpha/{parent}/logs:classify
    Classify the logs to the corresponding logType.

    REST Resource: v1alpha.projects.locations.instances.marketplaceIntegrations

    Methods
    fetchCommercialDiff GET /v1alpha/{name}:fetchCommercialDiff
    Retrieves the differences between the currently installed version of an integration and the commercial version available in the marketplace.
    get GET /v1alpha/{name}
    Retrieves detailed metadata for a specific marketplace integration identified by its resource name.
    install POST /v1alpha/{parent}:install
    Installs a specific version of a marketplace integration into a SecOps instance.
    list GET /v1alpha/{parent}/marketplaceIntegrations
    Returns a paginated list of integrations available in the SecOps Marketplace.
    uninstall POST /v1alpha/{name}:uninstall
    Uninstalls a previously installed marketplace integration, removing its components and configuration from the SecOps instance.

    REST Resource: v1alpha.projects.locations.instances.moduleSettings

    Methods
    get GET /v1alpha/{name}
    Gets a single ModuleSettings resource.
    list GET /v1alpha/{parent}/moduleSettings
    Lists available ModuleSettings resources.
    rebrandingSettings GET /v1alpha/{parent}/moduleSettings:rebrandingSettings
    Retrieves the branding and visual customization settings for the SecOps platform.

    REST Resource: v1alpha.projects.locations.instances.moduleSettings.properties

    Methods
    batchUpdate POST /v1alpha/{parent}/properties:batchUpdate
    Updates multiple properties within a single module.
    get GET /v1alpha/{name}
    Gets a single ModuleSettingsProperty.
    list GET /v1alpha/{parent}/properties
    Lists all properties of a given module setting.
    patch PATCH /v1alpha/{moduleSettingsProperty.name}
    Updates a single property of a module setting.
    testSettings POST /v1alpha/{parent}/properties:testSettings
    Tests the provided configuration properties.

    REST Resource: v1alpha.projects.locations.instances.nativeDashboards

    Methods
    addChart POST /v1alpha/{name}:addChart
    Add chart in a dashboard.
    create POST /v1alpha/{parent}/nativeDashboards
    Create a dashboard.
    delete DELETE /v1alpha/{name}
    Delete a dashboard.
    duplicate POST /v1alpha/{name}:duplicate
    Duplicate a dashboard.
    duplicateChart POST /v1alpha/{name}:duplicateChart
    Duplicate chart in a dashboard.
    editChart POST /v1alpha/{name}:editChart
    Edit chart in a dashboard.
    export POST /v1alpha/{parent}/nativeDashboards:export
    Exports the dashboards.
    get GET /v1alpha/{name}
    Get a dashboard.
    import POST /v1alpha/{parent}/nativeDashboards:import
    Imports the dashboards.
    list GET /v1alpha/{parent}/nativeDashboards
    List all dashboards.
    patch PATCH /v1alpha/{nativeDashboard.name}
    Update a dashboard.
    removeChart POST /v1alpha/{name}:removeChart
    Remove chart from a dashboard.

    REST Resource: v1alpha.projects.locations.instances.notebooks

    Methods
    get GET /v1alpha/{name}
    GetNotebook is used to retrieve an notebook.
    list GET /v1alpha/{parent}/notebooks
    ListNotebooks is used to retrieve existing notebooks for a given instance.

    REST Resource: v1alpha.projects.locations.instances.ontologyRecords

    Methods
    delete DELETE /v1alpha/{name}
    Delete an ontology record.
    export POST /v1alpha/{parent}/ontologyRecords:export
    Export ontology records.
    family GET /v1alpha/{parent}/ontologyRecords:family
    Fetch ontology family.
    get GET /v1alpha/{name}
    Get specific ontology record.
    import POST /v1alpha/{parent}/ontologyRecords:import
    Import ontology records.
    list GET /v1alpha/{parent}/ontologyRecords
    List all ontology records.
    patch PATCH /v1alpha/{ontologyRecord.name}
    Update an ontology record.
    statistics GET /v1alpha/{parent}/ontologyRecords:statistics
    Get ontology records statistics.

    REST Resource: v1alpha.projects.locations.instances.ontologyRecords.mappingRules

    Methods
    delete DELETE /v1alpha/{name}
    Deletes a specific mapping rule.
    fetchAll GET /v1alpha/{parent}/mappingRules:fetchAll
    Returns all relevant mapping rules for a specific event context (source, product, and event name).
    get GET /v1alpha/{name}
    Retrieves a specific mapping rule identified by its resource name.
    list GET /v1alpha/{parent}/mappingRules
    Returns a paginated list of all mapping rules associated with a specific ontology record.
    patch PATCH /v1alpha/{mappingRule.name}
    Updates an existing mapping rule.
    save POST /v1alpha/{parent}/mappingRules:save
    Saves a mapping rule configuration for a specific ontology record.
    test POST /v1alpha/{name}:test
    Validates the logic of a specific mapping rule by applying it to a sample raw data field name and value.

    REST Resource: v1alpha.projects.locations.instances.ontologyRecords.visualFamilies

    Methods
    create POST /v1alpha/{parent}/visualFamilies
    Creates a new VisualFamily.
    delete DELETE /v1alpha/{name}
    Deletes a VisualFamily.
    export POST /v1alpha/{parent}/visualFamilies:export
    Exports VisualFamilies.
    get GET /v1alpha/{name}
    Gets a VisualFamily.
    import POST /v1alpha/{parent}/visualFamilies:import
    Imports VisualFamilies.
    list GET /v1alpha/{parent}/visualFamilies
    Lists VisualFamilies in a given ontology record.
    patch PATCH /v1alpha/{visualFamily.name}
    Updates a VisualFamily.

    REST Resource: v1alpha.projects.locations.instances.operations

    Methods
    cancel POST /v1alpha/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1alpha/{name}
    Deletes a long-running operation.
    get GET /v1alpha/{name}
    Gets the latest state of a long-running operation.
    list GET /v1alpha/{name}/operations
    Lists operations that match the specified filter in the request.
    streamSearch GET /v1alpha/{name}:streamSearch
    Streams the results of an in-progress search operation, or returns the final results of a completed operation.

    REST Resource: v1alpha.projects.locations.instances.propertySchemaDefinitions

    Methods
    create POST /v1alpha/{parent}/propertySchemaDefinitions
    Create a PropertySchemaDefinition.
    delete DELETE /v1alpha/{name}
    Delete a PropertySchemaDefinition.
    get GET /v1alpha/{name}
    Get a PropertySchemaDefinition.
    list GET /v1alpha/{parent}/propertySchemaDefinitions
    Lists PropertySchemaDefinitions.
    patch PATCH /v1alpha/{propertySchemaDefinition.name}
    Update a PropertySchemaDefinition.

    REST Resource: v1alpha.projects.locations.instances.referenceLists

    Methods
    create POST /v1alpha/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1alpha/{name}
    Gets a single reference list.
    list GET /v1alpha/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1alpha/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1alpha.projects.locations.instances.remoteAgents

    Methods
    connectorValidRemoteAgents GET /v1alpha/{parent}/remoteAgents:connectorValidRemoteAgents
    Lists all RemoteAgents that are valid and compatible with a specific connector.
    create POST /v1alpha/{parent}/remoteAgents
    Creates a new RemoteAgent.
    delete DELETE /v1alpha/{name}
    Deletes a RemoteAgent.
    fetchEditableRemoteAgents GET /v1alpha/{parent}/remoteAgents:fetchEditableRemoteAgents
    Lists all RemoteAgents that the requesting user has permissions to edit.
    fetchInstallationCommand GET /v1alpha/{name}:fetchInstallationCommand
    Retrieves the specific command string required to install a RemoteAgent.
    fetchInstallerFile GET /v1alpha/{name}:fetchInstallerFile
    Retrieves a download link for the RemoteAgent's installer file.
    fetchRedeployStatus GET /v1alpha/{name}:fetchRedeployStatus
    Returns the redeployment status for integrations on a RemoteAgent.
    fetchRemoteAgentsCompatibleWithJobs GET /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsCompatibleWithJobs
    Lists all RemoteAgents compatible with executing jobs for a specific integration.
    fetchRemoteAgentsInformation POST /v1alpha/{parent}/remoteAgents:fetchRemoteAgentsInformation
    Retrieves detailed information for a list of RemoteAgents.
    get GET /v1alpha/{name}
    Gets a single RemoteAgent.
    list GET /v1alpha/{parent}/remoteAgents
    Lists RemoteAgents.
    migrateConnectors POST /v1alpha/{name}:migrateConnectors
    Migrates legacy connectors on a RemoteAgent from remote to local scheduling.
    patch PATCH /v1alpha/{remoteAgent.name}
    Updates an existing RemoteAgent.
    redeployRemoteAgent POST /v1alpha/{parent}/remoteAgents:redeployRemoteAgent
    Redeploys configuration from one RemoteAgent to another.
    sendRemoteAgentInstaller POST /v1alpha/{name}:sendRemoteAgentInstaller
    Sends the RemoteAgent installer via email.
    upgradeRemoteAgent POST /v1alpha/{name}:upgradeRemoteAgent
    Upgrades a RemoteAgent to the latest available version.

    REST Resource: v1alpha.projects.locations.instances.requestTemplates

    Methods
    create POST /v1alpha/{parent}/requestTemplates
    Defines a new manual request form, specifying the input fields analysts must provide and how the data should be visually mapped in cases.
    delete DELETE /v1alpha/{name}
    Permanently removes an obsolete manual request form from the system.
    get GET /v1alpha/{name}
    Retrieves the definition of a manual request form, including its display fields, visual mapping, and associated environments.
    list GET /v1alpha/{parent}/requestTemplates
    Lists all available manual request forms configured in the system.
    patch PATCH /v1alpha/{requestTemplate.name}
    Modifies a manual request form's structure, such as adding or removing fields, or adjusting environment associations.

    REST Resource: v1alpha.projects.locations.instances.ruleExecutionErrors

    Methods
    list GET /v1alpha/{parent}/ruleExecutionErrors
    Lists rule execution errors.

    REST Resource: v1alpha.projects.locations.instances.rules

    Methods
    create POST /v1alpha/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1alpha/{name}
    Deletes a Rule.
    get GET /v1alpha/{name}
    Gets a Rule.
    getDeployment GET /v1alpha/{name}
    Gets a RuleDeployment.
    list GET /v1alpha/{parent}/rules
    Lists Rules.
    listRevisions GET /v1alpha/{name}:listRevisions
    Lists all revisions of the rule.
    modifyRules POST /v1alpha/{parent}/rules:modifyRules
    ModifyRules allows users to modify the rule config for multiple rules at once.
    patch PATCH /v1alpha/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1alpha/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1alpha.projects.locations.instances.rules.deployments

    Methods
    list GET /v1alpha/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1alpha.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1alpha/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1alpha/{name}
    Get a Retrohunt.
    list GET /v1alpha/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1alpha.projects.locations.instances.savedColumnSets

    Methods
    create POST /v1alpha/{parent}/savedColumnSets
    Endpoint for adding a new saved column set to the specified instance.
    delete DELETE /v1alpha/{name}
    Endpoint for deleting a saved column set.
    get GET /v1alpha/{name}
    Endpoint for getting a user's saved column set.
    list GET /v1alpha/{parent}/savedColumnSets
    Endpoint for listing the saved column sets.
    patch PATCH /v1alpha/{savedColumnSet.name}
    Endpoint for updating user data saved column set

    REST Resource: v1alpha.projects.locations.instances.slaDefinitions

    Methods
    create POST /v1alpha/{parent}/slaDefinitions
    Creates a new SlaDefinition.
    delete DELETE /v1alpha/{name}
    Deletes a SlaDefinition.
    export GET /v1alpha/{parent}/slaDefinitions:export
    Exports all SlaDefinitions to a CSV file.
    get GET /v1alpha/{name}
    Gets a single SlaDefinition.
    import POST /v1alpha/{parent}/slaDefinitions:import
    Imports SlaDefinitions from a CSV file.
    list GET /v1alpha/{parent}/slaDefinitions
    Lists all SlaDefinitions.
    patch PATCH /v1alpha/{slaDefinition.name}
    Updates an existing SlaDefinition.

    REST Resource: v1alpha.projects.locations.instances.soarDomains

    Methods
    create POST /v1alpha/{parent}/soarDomains
    Create a SoarDomain.
    delete DELETE /v1alpha/{name}
    Delete a SoarDomain.
    export GET /v1alpha/{parent}/soarDomains:export
    Export SoarDomains.
    get GET /v1alpha/{name}
    Get a SoarDomain.
    import POST /v1alpha/{parent}/soarDomains:import
    Import SoarDomains.
    list GET /v1alpha/{parent}/soarDomains
    Lists soar domains.
    patch PATCH /v1alpha/{soarDomain.name}
    Update a SoarDomain.

    REST Resource: v1alpha.projects.locations.instances.soarNetworks

    Methods
    create POST /v1alpha/{parent}/soarNetworks
    Create a SoarNetwork.
    delete DELETE /v1alpha/{name}
    Delete a SoarNetwork.
    deleteAll DELETE /v1alpha/{parent}/soarNetworks:all
    Delete a SoarNetwork.
    export GET /v1alpha/{parent}/soarNetworks:export
    Export SoarNetworks.
    get GET /v1alpha/{name}
    Get a SoarNetwork.
    import POST /v1alpha/{parent}/soarNetworks:import
    Import SoarNetworks.
    list GET /v1alpha/{parent}/soarNetworks
    Lists SOAR SoarNetworks.
    patch PATCH /v1alpha/{soarNetwork.name}
    Update a SoarNetwork.

    REST Resource: v1alpha.projects.locations.instances.socRoles

    Methods
    create POST /v1alpha/{parent}/socRoles
    Creates a SocRole.
    delete DELETE /v1alpha/{name}
    Deletes a SocRole.
    get GET /v1alpha/{name}
    Gets a SocRole.
    list GET /v1alpha/{parent}/socRoles
    Lists SocRoles.
    patch PATCH /v1alpha/{socRole.name}
    Updates a SocRole.

    REST Resource: v1alpha.projects.locations.instances.systemNotifications

    Methods
    count GET /v1alpha/{parent}/systemNotifications:count
    Counts SystemNotifications for a given user.
    get GET /v1alpha/{name}
    Gets a SystemNotifications given a name.
    list GET /v1alpha/{parent}/systemNotifications
    Lists SystemNotifications for a given user.
    markAsRead POST /v1alpha/{parent}/systemNotifications:markAsRead
    Marks a list of SystemNotifications as read.

    REST Resource: v1alpha.projects.locations.instances.tasks

    Methods
    create POST /v1alpha/{parent}/tasks
    Create a Task.
    delete DELETE /v1alpha/{name}
    Delete a Task.
    get GET /v1alpha/{name}
    Get a Task.
    list GET /v1alpha/{parent}/tasks
    Lists soar tasks.
    patch PATCH /v1alpha/{task.name}
    Update a Task.

    REST Resource: v1alpha.projects.locations.instances.threatCollections

    Methods
    fetchEntityMetadata GET /v1alpha/{name}:fetchEntityMetadata
    Gets a list of entity metadata for a threat collection.
    fetchIocMatchMetadata GET /v1alpha/{parent}/threatCollections:fetchIocMatchMetadata
    Gets a batch (list) of ioc match metadata for a list of threat collections.
    fetchRelated GET /v1alpha/{parent}/threatCollections:fetchRelated
    List related threat collections for a threat artifact.
    get GET /v1alpha/{name}
    Gets a threat collection by resource name.
    list GET /v1alpha/{parent}/threatCollections
    Lists threat collections, which contain reports and tracked threat campaigns from Google Threat Intelligence.

    REST Resource: v1alpha.projects.locations.instances.uniqueEntities

    Methods
    addNote POST /v1alpha/{parent}/uniqueEntities:addNote
    Adds a comment or note to a unique entity.
    download GET /v1alpha/{name}/uniqueEntities:generateReport
    Generates and downloads a report for a unique entity.
    fetchFull POST /v1alpha/{parent}/uniqueEntities:fetchFull
    Fetches comprehensive information for a unique entity.
    get GET /v1alpha/{name}
    Gets a specific unique entity.
    list GET /v1alpha/{parent}/uniqueEntities
    Lists unique entities within a specific instance.
    patch PATCH /v1alpha/{uniqueEntity.name}
    Updates properties of a unique entity.

    REST Resource: v1alpha.projects.locations.instances.users

    Methods
    clearConversationHistory POST /v1alpha/{name}:clearConversationHistory
    ClearConversationHistory deletes all the user's data (messages and conversations) except of feedbacks.
    getPreferenceSet GET /v1alpha/{name}
    Endpoint for getting a user's PreferenceSet
    updatePreferenceSet PATCH /v1alpha/{preferenceSet.name}
    Endpoint for updating user data saved query

    REST Resource: v1alpha.projects.locations.instances.users.conversations

    Methods
    create POST /v1alpha/{parent}/conversations
    CreateConversation is used to create a new conversation.
    delete DELETE /v1alpha/{name}
    DeleteConversation is used to delete a conversation.
    get GET /v1alpha/{name}
    GetConversation is used to retrieve an existing conversation.
    list GET /v1alpha/{parent}/conversations
    ListConversations is used to retrieve existing conversations.
    patch PATCH /v1alpha/{conversation.name}
    UpdateConversation is used to update an existing conversation.

    REST Resource: v1alpha.projects.locations.instances.users.conversations.messages

    Methods
    create POST /v1alpha/{parent}/messages
    CreateMessage is used to create a new message in a conversation.
    delete DELETE /v1alpha/{name}
    DeleteMessage is used to delete a message.
    get GET /v1alpha/{name}
    GetMessage is used to retrieve a message.
    list GET /v1alpha/{parent}/messages
    ListMessages is used to retrieve existing messages for a conversation.
    patch PATCH /v1alpha/{message.name}
    UpdateMessage is used to update an existing message.

    REST Resource: v1alpha.projects.locations.instances.users.savedColumnSets

    Methods
    create POST /v1alpha/{parent}/savedColumnSets
    Endpoint for adding a new saved column set to the specified instance.
    delete DELETE /v1alpha/{name}
    Endpoint for deleting a saved column set.
    get GET /v1alpha/{name}
    Endpoint for getting a user's saved column set.
    list GET /v1alpha/{parent}/savedColumnSets
    Endpoint for listing the saved column sets.
    patch PATCH /v1alpha/{savedColumnSet.name}
    Endpoint for updating user data saved column set

    REST Resource: v1alpha.projects.locations.instances.users.searchQueries

    Methods
    create POST /v1alpha/{parent}/searchQueries
    Endpoint for adding a new entry to the specified collection of user data
    delete DELETE /v1alpha/{name}
    Endpoint for deleting a user data saved query entry
    get GET /v1alpha/{name}
    Endpoint for getting a user's Saved query entry
    list GET /v1alpha/{parent}/searchQueries
    Endpoint for listing the user data saved queries owned by the specified user
    patch PATCH /v1alpha/{searchQuery.name}
    Endpoint for updating user data saved query

    REST Resource: v1alpha.projects.locations.instances.views

    Methods
    fetchPredefined GET /v1alpha/{parent}/views:fetchPredefined
    Fetch predefined widgets coming from integations.
    get GET /v1alpha/{name}
    Get a View.
    list GET /v1alpha/{parent}/views
    List page of Views.
    saveOverviewTemplate POST /v1alpha/{parent}/views:saveOverviewTemplate
    Save an overview template.

    REST Resource: v1alpha.projects.locations.instances.watchlists

    Methods
    create POST /v1alpha/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1alpha/{name}
    Deletes the watchlist for the given instance.
    get GET /v1alpha/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1alpha/{parent}/watchlists
    Lists all watchlists for the given instance.
    listEntities GET /v1alpha/{parent}:listEntities
    Lists all entities for the given watchlist.
    patch PATCH /v1alpha/{watchlist.name}
    Updates the watchlist for the given instance.

    REST Resource: v1alpha.projects.locations.instances.watchlists.entities

    Methods
    add POST /v1alpha/{parent}/entities:add
    Adds an entity in watchlist.
    batchAdd POST /v1alpha/{parent}/entities:batchAdd
    Adds a batch of entities under watchlist.
    batchRemove POST /v1alpha/{parent}/entities:batchRemove
    Removes entities in batch in the given watchlist.
    remove POST /v1alpha/{name}:remove
    Removes the entity in the given watchlist.

    REST Resource: v1alpha.projects.locations.instances.webhooks

    Methods
    WebhookIngestion POST /v1alpha/{name}:ingest
    Ingest data for a given webhook.
    create POST /v1alpha/{parent}/webhooks
    Create a SOAR webhook configuration.
    delete DELETE /v1alpha/{name}
    Delete a webhook.
    exportLogs POST /v1alpha/{name}:exportLogs
    Exports logs for a given webhook.
    get GET /v1alpha/{name}
    Get a single webhook.
    getLogs GET /v1alpha/{name}:getLogs
    Get a log for a given webhook.
    getStatistics GET /v1alpha/{name}:getStatistics
    Get statistics for a given webhook.
    list GET /v1alpha/{parent}/webhooks
    Lists existing SOAR webhooks.
    patch PATCH /v1alpha/{webhook.name}
    Update a webhook.
    revokeUrl POST /v1alpha/{name}:revokeUrl
    RevokeUrl revokes a previously registered webhook URL, invalidating it and preventing further access.

    REST Resource: v1.projects.locations.instances

    Methods
    get GET /v1/{name}
    Gets a Instance.

    REST Resource: v1.projects.locations.instances.dataAccessLabels

    Methods
    create POST /v1/{parent}/dataAccessLabels
    Creates a data access label.
    delete DELETE /v1/{name}
    Deletes a data access label.
    get GET /v1/{name}
    Gets a data access label.
    list GET /v1/{parent}/dataAccessLabels
    Lists all data access labels for the customer.
    patch PATCH /v1/{dataAccessLabel.name}
    Updates a data access label.

    REST Resource: v1.projects.locations.instances.dataAccessScopes

    Methods
    create POST /v1/{parent}/dataAccessScopes
    Creates a data access scope.
    delete DELETE /v1/{name}
    Deletes a data access scope.
    get GET /v1/{name}
    Retrieves an existing data access scope.
    list GET /v1/{parent}/dataAccessScopes
    Lists all existing data access scopes for the customer.
    patch PATCH /v1/{dataAccessScope.name}
    Updates a data access scope.

    REST Resource: v1.projects.locations.instances.operations

    Methods
    cancel POST /v1/{name}:cancel
    Starts asynchronous cancellation on a long-running operation.
    delete DELETE /v1/{name}
    Deletes a long-running operation.
    get GET /v1/{name}
    Gets the latest state of a long-running operation.
    list GET /v1/{name}/operations
    Lists operations that match the specified filter in the request.

    REST Resource: v1.projects.locations.instances.referenceLists

    Methods
    create POST /v1/{parent}/referenceLists
    Creates a new reference list.
    get GET /v1/{name}
    Gets a single reference list.
    list GET /v1/{parent}/referenceLists
    Lists a collection of reference lists.
    patch PATCH /v1/{referenceList.name}
    Updates an existing reference list.

    REST Resource: v1.projects.locations.instances.rules

    Methods
    create POST /v1/{parent}/rules
    Creates a new Rule.
    delete DELETE /v1/{name}
    Deletes a Rule.
    get GET /v1/{name}
    Gets a Rule.
    getDeployment GET /v1/{name}
    Gets a RuleDeployment.
    list GET /v1/{parent}/rules
    Lists Rules.
    listRevisions GET /v1/{name}:listRevisions
    Lists all revisions of the rule.
    patch PATCH /v1/{rule.name}
    Updates a Rule.
    updateDeployment PATCH /v1/{ruleDeployment.name}
    Updates a RuleDeployment.

    REST Resource: v1.projects.locations.instances.rules.deployments

    Methods
    list GET /v1/{parent}/deployments
    Lists RuleDeployments across all Rules.

    REST Resource: v1.projects.locations.instances.rules.retrohunts

    Methods
    create POST /v1/{parent}/retrohunts
    Create a Retrohunt.
    get GET /v1/{name}
    Get a Retrohunt.
    list GET /v1/{parent}/retrohunts
    List Retrohunts.

    REST Resource: v1.projects.locations.instances.watchlists

    Methods
    create POST /v1/{parent}/watchlists
    Creates a watchlist for the given instance.
    delete DELETE /v1/{name}
    Deletes the watchlist for the given instance.
    get GET /v1/{name}
    Gets watchlist details for the given watchlist ID.
    list GET /v1/{parent}/watchlists
    Lists all watchlists for the given instance.
    patch PATCH /v1/{watchlist.name}
    Updates the watchlist for the given instance.