A collection of preferences for a user.
| JSON representation |
|---|
| { "name" : string , "uiPreferences" : { object ( |

| Fields | |
|---|---|
| name | Output only. Identifier. Resource name. |
| uiPreferences | Optional. Preferences for UI configuration. |
UiPreferences
Collection of preferences for UI configuration.
| JSON representation |
|---|
| { "displayTimezone" : string , "searchHistory" : [ { object ( |

| Fields | |
|---|---|
| displayTimezone | Optional. Timezone for displaying times to the user. |
| searchHistory[] | Optional. Previously run search queries. This will be limited to around 20 queries by the calling UI code. |
| enableSearchHistory | Optional. Flag for enabling saving search history. True if it is enabled. |
| columnSets[] | Optional. A list of ColumnSets saved by the user. |
| pinnedFields[] | Optional. A list of fields to pin at the top of the quick filters panel. |
| enableDuetAiChat | Optional. Flag for user opt-in setting for Duet AI in Chronicle. True if user is opted-in. |
| languageCode | Optional. The user's preferred language. Set via the URL param hl. |
| dismissibleNotifications[] | Optional. A list of notifications that the user can dismiss, or has already dismissed. |
| udmFieldsViewerPinnedFields[] | Optional. A list of fields to pin at the top of the UDM fields viewer. |
| enableLabs | Optional. Flag for user opt-in setting for SecOps Labs. True if user is opted-in. |
| rulesPreferences | Optional. Preferences for the Rules views. An object containing a list of |
| mitrePreferences | Optional. Preferences for the Mitre views across the app. An object containing a list of |
| triageAgentEnabled | Optional. Flag for user opt-in setting for Triage Agent. True if user is opted-in. |
| eventFieldsViewerPreferences | Optional. Preferences for the Event Fields in the Event Viewer widget which will be used across the app. An Event Viewer is a UI widget that displays Event Fields (the UDM structure), and is used to show event details. This map stores user-specific UI settings for the Event Fields, such as preferred view mode (e.g., tree or flat list). Example key-value pairs: "selectedViewPreference": "FLAT_VIEW". An object containing a list of |
| tablesPreferences | Optional. Preferences for tables in the UI. The preferences are meant to store the default configuration of the table. |
| searchPreferences | Optional. Search configuration preferences. |
SearchHistory
A previously run Search Query.
| JSON representation |
|---|
| { "query" : string , "timeRange" : { object ( |

| Fields | |
|---|---|
| query | Required. The UDM Search query that was executed. |
| timeRange | Optional. The time interval that the query is run over. |
| executionTime | Optional. The time the query was run. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| chronicleOwned | Optional. Whether the saved search used is based on a saved template owned by Chronicle. |
| naturalLanguageQuery | If applicable, the natural language query used to generate the UDM Search Query. |
| displayName | If applicable, the display name of the saved search used to generate this instance. |
| description | If applicable, the description of the saved search used to generate this instance. |
| searchSaveTime | Optional. If applicable, the created timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| searchUpdateTime | Optional. If applicable, the updated timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| rawQuery | Optional. If applicable, the UDM saved search string with unreplaced placeholder names, from the saved search query used to generate this instance, e.g. "principal.hostname = $placeholder1 and target.ip = $placeholder2". |
| placeholderNames[] | Optional. If applicable, the placeholder names from the saved search used to generate this instance, e.g. ["$placeholder1", "$placeholder2"]. |
| placeholderDescriptions[] | Optional. If applicable, the placeholder descriptions from the saved search used to generate this instance, e.g. ["host", "ip"]. Each element's position corresponds to placeholderNames. |
| placeholderValues[] | Optional. If applicable, the placeholder values from the saved search used to generate this instance, e.g. ["abu", "1.2.3.4"]. Each element's position corresponds to placeholderNames. |
| savedSearchResource | Optional. If applicable, the resource name of the saved search used to generate this instance. Format: |
| savedSearchId | Optional. If applicable, the id of the saved search used to generate this instance. |
| sharingMode | Optional. If applicable, the sharing mode of the saved search used to generate this instance. |
| queryType | Optional. The query type. |
| caseInsensitive | Optional. If true, the search was performed in a case-insensitive manner. |
| operation | Optional. The name of the operation resource representing the UDM Search operation. This can be used to fetch stored results or stream the results of an in-progress operation. Format: projects/{project}/locations/{location}/instances/{instance}/operations/{operation} |
| relativeTimeRange | Optional. Defines a time range relative to the start point of the query over which it is running. |
| columnSetLabel | Optional. The label of the column set added to the search query. 'columnSetLabel' maps to the 'columnSets' field in the 'PreferenceSet' resource. |
| queryLanguage | Optional. The query language. |
RelativeTimeRange
Defines a time range relative to a reference point. Specifies the duration (timeSpan) and unit (timeUnit) of the range.
| JSON representation |
|---|
| { "timeSpan" : string , "timeUnit" : enum ( |

| Fields | |
|---|---|
| timeSpan | Optional. Relative time value. |
| timeUnit | Optional. Relative time unit. |
ColumnSet
A list of UDM columns with a unique name.
| JSON representation |
|---|
| { "label" : string , "columns" : [ string ] } |

| Fields | |
|---|---|
| label | The name of the column set. |
| columns[] | The list of UDM fields corresponding to columns. |
DismissibleNotification
A notification that the user can dismiss.
| JSON representation |
|---|
| { "id" : string , "dismissedTime" : string } |

| Fields | |
|---|---|
| id | Required. Unique ID of the user notification. Any non-empty string is accepted. The UI will use a literal string to identify notifications used in certain places of the product. It is preferable to have user-friendly, self-describing strings (e.g. "new-feature-popup"). |
| dismissedTime | Optional. The time the notification was dismissed. The notification should be considered dismissed when the time is prior to "now". Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
SearchPreferences
Collection of preferences for Search configuration.
| JSON representation |
|---|
| { "maxDataSampleCount" : integer , "dataSampleStrategy" : enum ( |

| Fields | |
|---|---|
| maxDataSampleCount | Optional. The maximum number of data samples to return. |
| dataSampleStrategy | Optional. The data sample strategy to use for fetching search results. |
DataSampleStrategy
The data sample strategy to use for fetching search results.
| Enums | |
|---|---|
| DATA_SAMPLE_STRATEGY_UNSPECIFIED | No data sample strategy specified. |
| FAST_RETRIEVAL | Return required number of results which are retrieved earlier and discard the rest. |
| MOST_FRESH | Return the latest/newest required number of results and discard the rest. |
UiTablesPreferences
Preferences for the tables in the UI. The preferences are meant to store the default configuration of the table.
| JSON representation |
|---|
| { "casesListPreferences" : { object ( |

| Fields | |
|---|---|
| casesListPreferences | Optional. Preferences for the Cases list table. |
CasesListPreferences
Preferences for the Cases list table.
| JSON representation |
|---|
| { "sortingPreferences" : { object ( |

| Fields | |
|---|---|
| sortingPreferences | Optional. The sorting preferences for the Cases list table. |
| columnsOrder | Optional. The columns to display in the Cases list table and their order. The key is the column name and the value is the column order. An object containing a list of |
| filtersPreferences | Optional. The filtering preferences for the Cases list table. |
| groupingColumns[] | Optional. The columns by which to group. |
SortingPreferences
Sorting preferences for the Cases list table.
| JSON representation |
|---|
| { "column" : string , "order" : enum ( |

| Fields | |
|---|---|
| column | Optional. The name of the column to sort by. |
| order | Optional. The order of the sorting. |
SortingOrder
Defines the sorting order.
| Enums | |
|---|---|
| SORTING_ORDER_UNSPECIFIED | Sorting order is unspecified. |
| ASC | Specifies ascending sorting order. |
| DESC | Specifies descending sorting order. |
FiltersPreferences
Filtering preferences for the Cases list table.
| JSON representation |
|---|
| { "logicalOperator" : enum ( |

| Fields | |
|---|---|
| logicalOperator | Required. The logical operator of the filter. |
| filters[] | Required. The filters of the table. |
| customTimeRange | Optional. The custom time range filter. |
| timeRangeFilter | Optional. The time range filter. |
FilterLogicalOperator
The logical operator of the filter.
| Enums | |
|---|---|
| FILTER_LOGICAL_OPERATOR_UNSPECIFIED | Filter logical operator is unspecified. |
| AND | Filter logical operator is AND. |
| OR | Filter logical operator is OR. |
TableFilter
The filter for the Cases list table.
| JSON representation |
|---|
| { "type" : enum ( |

| Fields | |
|---|---|
| type | Required. The type of the filter. |
| compareOperator | Required. The compare operator of the filter. |
| values[] | Required. The values of the filter. |
| includeUsers | Optional. Whether to include users in the filter. |
FilterType
The type of the filter.
| Enums | |
|---|---|
| FILTER_TYPE_UNSPECIFIED | Filter type is unspecified. |
| ANALYSTS | Filter type is analysts. |
| ENVIRONMENTS | Filter type is environments. |
| PRIORITIES | Filter type is priorities. |
| STAGES | Filter type is stages. |
| TAGS | Filter type is tags. |
| ALERTS_NAME | Filter type is alerts name. |
| PRODUCTS | Filter type is products. |
| CASE_SLA | Filter type is case sla. |
| CASE_STATUS | Filter type is case status. |
| WORKFLOW_STATUS | Filter type is workflow status. |
FilterCompareOperator
The compare operator of the filter.
| Enums | |
|---|---|
| FILTER_COMPARE_OPERATOR_UNSPECIFIED | Filter compare operator is unspecified. |
| IS | Filter compare operator is IS. |
| IS_NOT | Filter compare operator is IS_NOT. |
CustomTimeRange
The custom time range filter.
| JSON representation |
|---|
| { "startTime" : string , "endTime" : string } |

| Fields | |
|---|---|
| startTime | Required. The start time of the time range. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
| endTime | Required. The end time of the time range. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
TimeRangeValue
The time range filter of the filter.
| Enums | |
|---|---|
| TIME_RANGE_VALUE_UNSPECIFIED | Time range value is unspecified. |
| ALL_TIME | Time range value is all time. |
| CUSTOM | Time range value is custom. |
| LAST_DAY | Time range value is last day. |
| LAST_TWO_DAYS | Time range value is last 2 days. |
| LAST_THREE_DAYS | Time range value is last 3 days. |
| LAST_WEEK | Time range value is last week. |
| LAST_YEAR | Time range value is last year. |

