PreferenceSet

JSON representation
UiPreferences
- JSON representation
SearchHistory
- JSON representation
RelativeTimeRange
- JSON representation
ColumnSet
- JSON representation
DismissibleNotification
- JSON representation
SearchPreferences
- JSON representation
DataSampleStrategy

A collection of preferences for a user.

JSON representation
{ "name" : string , "uiPreferences" : { object ( `UiPreferences` ) } }

Fields

Fields
`name`	`string` Output only. Identifier. Resource name.
`uiPreferences`	`object ( UiPreferences )` Optional. Preferences for UI configuration.

name

string

Output only. Identifier. Resource name.

uiPreferences

object ( UiPreferences )

Optional. Preferences for UI configuration.

UiPreferences

Collection of preferences for UI configuration.

JSON representation

JSON representation
{ "displayTimezone" : string , "searchHistory" : [ { object ( `SearchHistory` ) } ] , "enableSearchHistory" : boolean , "columnSets" : [ { object ( `ColumnSet` ) } ] , "pinnedFields" : [ string ] , "enableDuetAiChat" : boolean , "languageCode" : string , "dismissibleNotifications" : [ { object ( `DismissibleNotification` ) } ] , "udmFieldsViewerPinnedFields" : [ string ] , "enableLabs" : boolean , "rulesPreferences" : { string : string , ... } , "mitrePreferences" : { string : string , ... } , "searchPreferences" : { object ( `SearchPreferences` ) } }

 { 
 "displayTimezone" 
 : 
 string 
 , 
 "searchHistory" 
 : 
 [ 
 { 
 object (  SearchHistory 
 
) 
 } 
 ] 
 , 
 "enableSearchHistory" 
 : 
 boolean 
 , 
 "columnSets" 
 : 
 [ 
 { 
 object (  ColumnSet 
 
) 
 } 
 ] 
 , 
 "pinnedFields" 
 : 
 [ 
 string 
 ] 
 , 
 "enableDuetAiChat" 
 : 
 boolean 
 , 
 "languageCode" 
 : 
 string 
 , 
 "dismissibleNotifications" 
 : 
 [ 
 { 
 object (  DismissibleNotification 
 
) 
 } 
 ] 
 , 
 "udmFieldsViewerPinnedFields" 
 : 
 [ 
 string 
 ] 
 , 
 "enableLabs" 
 : 
 boolean 
 , 
 "rulesPreferences" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 , 
 "mitrePreferences" 
 : 
 { 
 string 
 : 
 string 
 , 
 ... 
 } 
 , 
 "searchPreferences" 
 : 
 { 
 object (  SearchPreferences 
 
) 
 } 
 }

Fields
`displayTimezone`	`string` Optional. Timezone for displaying times to the user.
`searchHistory[]`	`object ( SearchHistory )` Optional. Previously run search queries. This will be limited to around 20 queries by the calling UI code.
`enableSearchHistory`	`boolean` Optional. Flag for enabling saving search history. True if it is enabled.
`columnSets[]`	`object ( ColumnSet )` Optional. A list of ColumnSets saved by the user.
`pinnedFields[]`	`string` Optional. A list of fields to pin at the top of the quick filters panel.
`enableDuetAiChat`	`boolean` Optional. Flag for user opt-in setting for Duet AI in Chronicle. True if user is opted-in.
`languageCode`	`string` Optional. The users's preferred language. -- Set via the URL param hl. --
`dismissibleNotifications[]`	`object ( DismissibleNotification )` Optional. A list of notifications that the use can dismiss, or dismissed already.
`udmFieldsViewerPinnedFields[]`	`string` Optional. A list of fields to pin at the top of the udm fields viewer.
`enableLabs`	`boolean` Optional. Flag for user opt-in setting for SecOps Labs. True if user is opted-in.
`rulesPreferences`	`map (key: string, value: string)` Optional. Preferences for the Rules views. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }` .
`mitrePreferences`	`map (key: string, value: string)` Optional. Preferences for the Mitre views across the app. An object containing a list of `"key": value` pairs. Example: `{ "name": "wrench", "mass": "1.3kg", "count": "3" }` .
`searchPreferences`	`object ( SearchPreferences )` Optional. Search configuration preferences.

SearchHistory

A previously run Search Query.

JSON representation

JSON representation
{ "query" : string , "timeRange" : { object ( `Interval` ) } , "executionTime" : string , "chronicleOwned" : boolean , "naturalLanguageQuery" : string , "displayName" : string , "description" : string , "searchSaveTime" : string , "searchUpdateTime" : string , "rawQuery" : string , "placeholderNames" : [ string ] , "placeholderDescriptions" : [ string ] , "placeholderValues" : [ string ] , "savedSearchResource" : string , "savedSearchId" : string , "sharingMode" : enum ( `SharingMode` ) , "queryType" : enum ( `QueryType` ) , "caseInsensitive" : boolean , "operation" : string , "relativeTimeRange" : { object ( `RelativeTimeRange` ) } , "columnSetLabel" : string }

 { 
 "query" 
 : 
 string 
 , 
 "timeRange" 
 : 
 { 
 object (  Interval 
 
) 
 } 
 , 
 "executionTime" 
 : 
 string 
 , 
 "chronicleOwned" 
 : 
 boolean 
 , 
 "naturalLanguageQuery" 
 : 
 string 
 , 
 "displayName" 
 : 
 string 
 , 
 "description" 
 : 
 string 
 , 
 "searchSaveTime" 
 : 
 string 
 , 
 "searchUpdateTime" 
 : 
 string 
 , 
 "rawQuery" 
 : 
 string 
 , 
 "placeholderNames" 
 : 
 [ 
 string 
 ] 
 , 
 "placeholderDescriptions" 
 : 
 [ 
 string 
 ] 
 , 
 "placeholderValues" 
 : 
 [ 
 string 
 ] 
 , 
 "savedSearchResource" 
 : 
 string 
 , 
 "savedSearchId" 
 : 
 string 
 , 
 "sharingMode" 
 : 
 enum (  SharingMode 
 
) 
 , 
 "queryType" 
 : 
 enum (  QueryType 
 
) 
 , 
 "caseInsensitive" 
 : 
 boolean 
 , 
 "operation" 
 : 
 string 
 , 
 "relativeTimeRange" 
 : 
 { 
 object (  RelativeTimeRange 
 
) 
 } 
 , 
 "columnSetLabel" 
 : 
 string 
 }

Fields
`query`	`string` Required. The UDM Search query that was executed.
`timeRange`	`object ( Interval )` Optional. The time interval that the query is run over.
`executionTime`	`string ( Timestamp format)` Optional. The time the query was run. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`chronicleOwned`	`boolean` Optional. Whether the saved search used is based on a saved template owned by Chronicle.
`naturalLanguageQuery`	`string` If applicable, the natural language query used to generate the UDM Search Query.
`displayName`	`string` If applicable, the display name of the saved search used to generate this instance.
`description`	`string` If applicable, the description of the saved search used to generate this instance.
`searchSaveTime`	`string ( Timestamp format)` Optional. If applicable, the created timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`searchUpdateTime`	`string ( Timestamp format)` Optional. If applicable, the updated timestamp of the saved search used to generate this instance. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`rawQuery`	`string` Optional. If applicable, the UDM saved search string with unreplaced placeholder names, from the saved search query used to generate this instance, e.g. "principal.hostname = $placeholder1 and target.ip = $placeholder2".
`placeholderNames[]`	`string` Optional. If applicable, the placeholder names from the saved search used to generate this instance, e.g. ["$placeholder1", "$placeholder2"].
`placeholderDescriptions[]`	`string` Optional. If applicable, the placeholder descriptions from the saved search used to generate this instance, e.g. ["host", "ip"]. Each element's position corresponds to placeholderNames.
`placeholderValues[]`	`string` Optional. If applicable, the placeholder values from the saved search to generate this instance, e.g. ["abu", "1.2.3.4"]. Each element's position corresponds to placeholderNames.
`savedSearchResource`	`string` Optional. If applicable, the resource name of the saved search used to generate this instance. Format: `projects/{project}/location/{location}/instances/{instance}/users/{user}/searchQueries/{queryid}`
`savedSearchId`	`string` Optional. If applicable, the id of the saved search used to generate this instance.
`sharingMode`	`enum ( SharingMode )` Optional. If applicable, the sharing mode of the saved search used to generate this instance.
`queryType`	`enum ( QueryType )` Optional. The query type.
`caseInsensitive`	`boolean` Optional. If true, the search was performed in a case-insensitive manner.
`operation`	`string` Optional. The name of the operation resource representing the UDM Search operation. This can be used to fetch stored results or stream the results of an in-progress operation. Format: projects/{project}/locations/{location}/instances/{instance}/operations/{operation}
`relativeTimeRange`	`object ( RelativeTimeRange )` Optional. Defines a time range relative to the start point of the query over which it is running.
`columnSetLabel`	`string` Optional. The label of the column set added to the search query. 'columnSetLabel' maps to the 'columnSets' field in the 'PreferenceSet' resource.

RelativeTimeRange

Defines a time range relative to a reference point. Specifies the duration (timeSpan) and unit (timeUnit) of the range.

JSON representation
{ "timeSpan" : string , "timeUnit" : enum ( `TimeUnit` ) }

Fields

Fields
`timeSpan`	`string ( int64 format)` Optional. Relative time value.
`timeUnit`	`enum ( TimeUnit )` Optional. Relative time unit.

timeSpan

string ( int64 format)

Optional. Relative time value.

timeUnit

enum ( TimeUnit )

Optional. Relative time unit.

ColumnSet

A list of UDM columns with a unique name.

JSON representation
{ "label" : string , "columns" : [ string ] }

Fields

Fields
`label`	`string` The name of the column set.
`columns[]`	`string` The list of udm fields corresponding to columns.

label

string

The name of the column set.

columns[]

string

The list of udm fields corresponding to columns.

DismissibleNotification

A notification that the user can dismiss.

JSON representation
{ "id" : string , "dismissedTime" : string }

Fields

Fields
`id`	`string` Required. Unique ID of the user notification. Any non-empty string is accepted. The UI will use a literal string to identify notifications used in certain places of the product. It is preferable to have user-friendly self-descripting strings (eg. "new-feature-popup").
`dismissedTime`	`string ( Timestamp format)` Optional. The time the notification was dismissed. The notification should considered dismissed when the time is prior to "now". Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .

id

string

Required. Unique ID of the user notification. Any non-empty string is accepted. The UI will use a literal string to identify notifications used in certain places of the product. It is preferable to have user-friendly self-descripting strings (eg. "new-feature-popup").

dismissedTime

string ( Timestamp format)

Optional. The time the notification was dismissed. The notification should considered dismissed when the time is prior to "now".

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .

SearchPreferences

Collection of preferences for Search configuration.

JSON representation
{ "maxDataSampleCount" : integer , "dataSampleStrategy" : enum ( `DataSampleStrategy` ) }

Fields

Fields
`maxDataSampleCount`	`integer` Optional. The maximum number of data samples to return.
`dataSampleStrategy`	`enum ( DataSampleStrategy )` Optional. The data sample strategy to use for fetching search results.

maxDataSampleCount

integer

Optional. The maximum number of data samples to return.

dataSampleStrategy

enum ( DataSampleStrategy )

Optional. The data sample strategy to use for fetching search results.

DataSampleStrategy

The data sample strategy to use for fetching search results.

Enums
`DATA_SAMPLE_STRATEGY_UNSPECIFIED`	No data sample strategy specified.
`FAST_RETRIEVAL`	Return required number of results which are retrieved earlier and discard the rest.
`MOST_FRESH`	Return the latest/newest required number of results and discard the rest.