Method: projects.findings.search

findings.search is a more powerful version of findings.list that supports complex queries like "findings for alerts" using functions such as has_alert in the query string.

The parent field in SearchFindingsRequest should have the format: projects/{project}

Example to search for findings for a specific issue:

has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")

HTTP request

GET https://threatintelligence.googleapis.com/v1beta/{parent=projects/*}/findings:search

The URL uses gRPC Transcoding syntax.

Path parameters

Parameters
parent

string

Required. Parent of the findings. Format: vaults/{vault}

Query parameters

Parameters
query

string

Optional. Query that selects which findings are returned. This supports the same filter criteria as FindingService.ListFindings, as well as the relationship query has_alert. Example: has_alert("name=\"projects/gti-12345/alerts/alert-12345\"")

orderBy

string

Optional. Order by criteria in the csv format: "field1,field2 desc" or "field1,field2" or "field1 asc, field2".

pageToken

string

Optional. Page token.

pageSize

integer

Optional. Page size.

Request body

The request body must be empty.

Response body

Response message for findings.search.

If successful, the response body contains data with the following structure:

JSON representation
{
  "findings": [
    {
      object (Finding)
    }
  ],
  "nextPageToken": string
}
Fields
findings[]

object (Finding)

List of findings.

nextPageToken

string

Page token.

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • threatintelligence.findings.list

For more information, see the IAM documentation.
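
The following is an added example, not part of the API reference: it builds the escaped has_alert query, URL-encodes the query parameters, and follows nextPageToken until the result set is exhausted. The helper names, the `fetch` callable and the character set accepted for resource IDs are assumptions.

```python
import re
from urllib.parse import quote, urlencode

BASE = "https://threatintelligence.googleapis.com/v1beta"
# Assumption: resource IDs use only these characters. Rejecting anything else
# keeps quotes and parentheses out of the filter when the name is untrusted.
_ALERT_RE = re.compile(r"projects/[A-Za-z0-9_-]+/alerts/[A-Za-z0-9_-]+")


def has_alert_query(alert_name):
    """Build the has_alert(...) query with the inner quotes backslash-escaped."""
    if not _ALERT_RE.fullmatch(alert_name):
        raise ValueError(f"unexpected alert name: {alert_name!r}")
    inner = f'name="{alert_name}"'
    escaped = inner.replace("\\", "\\\\").replace('"', '\\"')
    return f'has_alert("{escaped}")'


def search_url(parent, query=None, order_by=None, page_size=None, page_token=None):
    """Return the GET URL for findings:search; unset parameters are omitted."""
    params = {"query": query, "orderBy": order_by,
              "pageSize": page_size, "pageToken": page_token}
    qs = urlencode({k: v for k, v in params.items() if v not in (None, "")})
    url = f"{BASE}/{quote(parent, safe='/')}/findings:search"
    return f"{url}?{qs}" if qs else url


def iter_findings(parent, fetch, **kwargs):
    """Yield every finding, following nextPageToken until it is absent.

    `fetch` is a caller-supplied (hypothetical) function that performs an
    authenticated GET on the URL and returns the decoded JSON body as a dict.
    """
    token, seen = None, set()
    while True:
        body = fetch(search_url(parent, page_token=token, **kwargs))
        yield from body.get("findings", [])
        token = body.get("nextPageToken")
        if not token:
            return
        if token in seen:  # a repeated token would otherwise loop forever
            raise RuntimeError("page token repeated")
        seen.add(token)
```

The same `query`, `orderBy` and `pageSize` values are sent on every page request; only `pageToken` changes between calls.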