Method: iocs.find

Full name: projects.locations.instances.iocs.find

Gets a list of Iocs given a list of parameters that uniquely identify them.

HTTP request

POST https://{endpoint}/v1beta/{parent}/iocs:find

Where {endpoint} is one of the supported service endpoints.

Path parameters

Parameters
parent

string

Required. The parent, which is the SecOps instance. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{
  "fieldAndValue": [
    {
      object (FieldAndValue)
    }
  ]
}
Fields
fieldAndValue[]

object ( FieldAndValue )

Required. Parameters to identify the IOCs. Each item should uniquely identify one Ioc record. Only valueType is supported, and only the following ValueType options:

  • HASH_MD5
  • HASH_SHA1
  • HASH_SHA256
  • DOMAIN_NAME
  • RESOLVED_IP_ADDRESS

Response body

The response to an iocs.find request.

If successful, the response body contains data with the following structure:

JSON representation
{
  "iocs": [
    {
      object (Ioc)
    }
  ]
}
Fields
iocs[]

object ( Ioc )

The Iocs that match the request. Note this returns a max of 1000 IOCs, in the order requested.
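
The following is an added example, not part of the original reference or of Google's client code: it classifies raw indicators into the ValueType options listed above, rejects anything unsupported, and splits the lookup into request bodies of at most 1000 items so that no response is cut off by the 1000-IOC limit. The "value" key inside each FieldAndValue item, the lowercase normalization and the de-duplication are assumptions; the page only documents "valueType".

```python
import ipaddress
import re

# ValueType options the page lists as supported by iocs.find.
HASH_LENGTHS = {32: "HASH_MD5", 40: "HASH_SHA1", 64: "HASH_SHA256"}
MAX_IOCS = 1000  # the response returns at most 1000 IOCs
PARENT_RE = re.compile(r"projects/[^/]+/locations/[^/]+/instances/[^/]+")
DOMAIN_RE = re.compile(
    r"(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


def value_type(indicator):
    """Map an indicator string to a supported ValueType, or None."""
    text = indicator.strip().lower()
    if re.fullmatch(r"[0-9a-f]+", text) and len(text) in HASH_LENGTHS:
        return HASH_LENGTHS[len(text)]
    try:
        ipaddress.ip_address(text)
        return "RESOLVED_IP_ADDRESS"
    except ValueError:
        pass
    if DOMAIN_RE.fullmatch(text.rstrip(".")):
        return "DOMAIN_NAME"
    return None


def build_find_requests(endpoint, parent, indicators):
    """Return ([(url, body), ...], rejected), preserving input order."""
    if not PARENT_RE.fullmatch(parent):
        raise ValueError(
            "parent must be projects/{project}/locations/{location}/instances/{instance}")
    items, rejected, seen = [], [], set()
    for raw in indicators:
        vtype = value_type(raw)
        key = raw.strip().lower()  # assumed normalization
        if vtype is None:
            rejected.append(raw)
        elif key not in seen:  # send each indicator once
            seen.add(key)
            # "value" is an assumed FieldAndValue key; "valueType" is from the page.
            items.append({"value": key, "valueType": vtype})
    url = f"https://{endpoint}/v1beta/{parent}/iocs:find"
    batches = [items[i:i + MAX_IOCS] for i in range(0, len(items), MAX_IOCS)]
    return [(url, {"fieldAndValue": b}) for b in batches], rejected
```

Each returned pair is the URL and JSON body for one POST; the rejected list holds inputs that match none of the supported types and should be reviewed rather than silently dropped.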

Authorization scopes

Requires one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/chronicle
  • https://www.googleapis.com/auth/chronicle.readonly

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the parent resource:

  • chronicle.iocs.findIocs

For more information, see the IAM documentation.
