- Resource: Instance
- State
- WipeoutState
- ComplianceRequirements
- ComplianceCertification
- InstanceConfig
- Methods
Resource: Instance
An Instance represents an instantiation of the Instance product.
JSON representation |
---|
{ "name" : string , "state" : enum ( |
Fields | |
---|---|
name | Identifier. The resource name of this instance. Format: |
state | Output only. The state of the instance. |
purgeTime | Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
deleteTime | Output only. The time at which the instance was soft-deleted. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
wipeoutStatus | Output only. The wipeout status of the instance. |
displayName | Output only. The display name of the instance. |
secopsUrls[] | Output only. URL of the SecOps instance for the instance. https://{frontend_path}.backstory.chronicle.security |
customerCode | Output only. An acronym related to the company name. |
createTime | Output only. The time at which the instance was created. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
complianceRequirements | Optional. Compliance requirements for the instance. |
instanceConfig | Optional. Instance Configs represents the features that can be enabled/disabled by the customer. |
State
The state of the instance.
Enums | |
---|---|
STATE_UNSPECIFIED | The default value. |
ACTIVE | The instance is active. |
SOFT_DELETED | The instance is soft-deleted. |
SOFT_DELETE_INITIATED | The instance is in the process of being soft-deleted. |
UNDELETE_INITIATED | The instance is in the process of being undeleted. |
WipeoutState
The wipeout status of the instance.
Enums | |
---|---|
WIPEOUT_STATE_UNSPECIFIED | The default value. |
DELETE_REQUESTED | The instance has requested deletion. |
SOFT_DELETE_IN_PROGRESS | The instance is in the process of being soft-deleted. |
SOFT_DELETE_COMPLETED | The instance has been soft-deleted. |
UNDELETE_REQUESTED | The instance has requested undeletion. |
DATA_DELETION_IN_PROGRESS | The instance is in the process of being data deleted. |
ERROR | The instance has an error during wipeout. |
WIPED_OUT | The instance has been wiped out. |
UNDELETE_COMPLETED | The instance has been undeleted. |
ComplianceRequirements
Compliance requirements.
JSON representation |
---|
{ "complianceCertifications" : [ enum ( |
Fields | |
---|---|
complianceCertifications[] | Optional. A list of compliance certifications. |
ComplianceCertification
Compliance certifications.
Enums | |
---|---|
COMPLIANCE_CERTIFICATION_UNSPECIFIED | Unspecified compliance certification. |
FEDRAMP_MODERATE | FedRAMP Moderate. |
HIPAA | HIPAA. |
PCI_DSS | PCI DSS. |
FEDRAMP_HIGH | FedRAMP High. |
IL4 | IL4. |
IL5 | IL5. |
CHRONICLE_CMEK_V1 | Chronicle CMEK V1. |
DRZ_ADVANCED | DRZ_ADVANCED. |
InstanceConfig
Instance Configs represents the features that can be enabled, disabled, or configured by the customer.
JSON representation |
---|
{ "secopsUiEnabled" : boolean , "dataRbacEnabled" : boolean } |
Fields | |
---|---|
secopsUiEnabled | Optional. The desired access state (true for enabled). |
dataRbacEnabled | Optional. The desired access state for Data RBAC (true for enabled). |
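The following is an added example, not part of the original reference or of the product's own code. It reads an Instance resource as a dict, parses `purgeTime` in any of the accepted RFC 3339 forms (0 to 9 fractional digits, "Z" or a numeric offset), and reports lifecycle and configuration findings. The function names, the 7-day warning window, the policy that `dataRbacEnabled` should be true, and the sample values are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

_RFC3339 = re.compile(r"^(\d{4}-\d{2}-\d{2})[Tt](\d{2}:\d{2}:\d{2})"
                      r"(?:\.(\d+))?([Zz]|[+-]\d{2}:\d{2})$")

def parse_rfc3339(value):
    """Parse an RFC 3339 timestamp (any fractional length, Z or offset) to UTC."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {value!r}")
    date, clock, frac, offset = m.groups()
    # datetime holds microseconds only, so 9-digit fractions are truncated.
    micros = int((frac or "")[:6].ljust(6, "0"))
    base = datetime.strptime(f"{date}T{clock}", "%Y-%m-%dT%H:%M:%S")
    base = base.replace(microsecond=micros, tzinfo=timezone.utc)
    if offset in ("Z", "z"):
        return base
    sign = -1 if offset[0] == "-" else 1
    # Local time = UTC + offset, so subtract the offset to normalize.
    return base - sign * timedelta(hours=int(offset[1:3]), minutes=int(offset[4:6]))

def review_instance(instance, now, warn_window=timedelta(days=7)):
    """Return findings for one Instance resource given as a dict."""
    findings = []
    state = instance.get("state", "STATE_UNSPECIFIED")
    if state != "ACTIVE":
        findings.append(f"state is {state}")
    if instance.get("wipeoutStatus") == "ERROR":
        findings.append("wipeoutStatus is ERROR")
    if "purgeTime" in instance:
        remaining = parse_rfc3339(instance["purgeTime"]) - now
        if remaining <= warn_window:  # assumed alert threshold, not from the API
            findings.append(f"purgeTime in {max(remaining, timedelta(0))}")
    # Assumed local policy: Data RBAC should be on for every instance.
    if not instance.get("instanceConfig", {}).get("dataRbacEnabled", False):
        findings.append("dataRbacEnabled is not true")
    return findings

# Constructed sample, not real API output; the name is a placeholder.
SAMPLE = {
    "name": "<instance-resource-name>",
    "state": "SOFT_DELETED",
    "wipeoutStatus": "SOFT_DELETE_COMPLETED",
    "purgeTime": "2024-05-04T10:30:00.123456789+02:00",
    "instanceConfig": {"secopsUiEnabled": True},
}
NOW = datetime(2024, 5, 1, 8, 30, tzinfo=timezone.utc)  # fixed for a repeatable run
print(review_instance(SAMPLE, NOW))
```

A soft-deleted instance whose `purgeTime` falls inside the window is the case worth alerting on, since after that time the tenant can no longer be undeleted.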
Methods | |
---|---|
|
Validates a batch of entities that could be added into watchlist under an instance. |
|
Returns findings refinement activity for all findings refinements. |
|
ContinuePocGraduation verifies and proceeds graduation. |
|
Count detections across all curated rule sets. |
|
RPC to submit user feedback on content generated by AI services. |
|
DeleteInstance deletes an Instance. |
|
ExtractSyslog extracts the structured part of a log from an unstructured log by running a grok regex over it. |
|
FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances. |
|
Identifies the entity type and retrieves relevant data associated with a specified indicator. |
|
Get alerts for an entity. |
|
Finds all the entities associated with provided entity. |
|
Finds ingested UDM field values that match a query. |
|
GenerateCollectionAgentAuth generates an auth json file for the collection agent. |
|
GenerateSoarAuthJwt signs a JWT in order to proceed with JWT-exchange-based authentication with SOAR. |
|
Generates a SOAR chat message based on the given intent. |
|
GenerateUDMKeyValueMappings generates key value mapping of a raw log. |
|
Generates a token that can be used to connect a workspace customer to a Chronicle instance. |
|
Gets an Instance. |
|
Get the BigQuery export configuration for a Chronicle instance. |
|
Gets the super and subtenants and gets the current tenant name. |
|
Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score. |
|
Get the set of threat collection filter options. |
|
GraduatePocInstance graduates an instance. |
|
Legacy endpoint for listing case federation platforms. |
|
Legacy Get System Metadata. |
|
Lists all findings refinement deployments. |
|
Updates an Instance. |
|
Gets available product sources along with their stats. |
|
Identifies the entity type and retrieves relevant data associated with a specified indicator. |
|
API to get events, entities, or unparsed raw logs matching the given raw log query. |
|
Submits a Response Feedback. |
|
Parses the query and identifies the entities contained within the search query. |
|
Returns all entity data over specified time. |
|
Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. |
|
Translate natural language to a UDM Search query. |
|
Translate natural language to a Yara-L rule. |
|
Performs a UDM search that returns matching events for the query. |
|
UndeleteInstance undeletes a soft-deleted Instance. |
|
Update the BigQuery export configuration for a Chronicle instance. |
|
Updates RiskConfig used for the computation of Entity Risk Score. |
|
Validates UDM search query by compiling the query. |
|
Verifies the nonce used to graduate an instance. |
|
VerifyReferenceList validates list content and returns line errors, if any. |
|
Verifies the given rule text. |