Console
    Contact Us Start free

    REST Resource: projects.locations.instances

    Resource: Instance

    A Instance represents an instantiation of the Instance product.

    JSON representation 
     { 
 "name" 
 : 
 string 
 , 
 "state" 
 : 
 enum (  State 
 
) 
 , 
 "purgeTime" 
 : 
 string 
 , 
 "deleteTime" 
 : 
 string 
 , 
 "wipeoutStatus" 
 : 
 enum (  WipeoutState 
 
) 
 , 
 "displayName" 
 : 
 string 
 , 
 "secopsUrls" 
 : 
 [ 
 string 
 ] 
 , 
 "customerCode" 
 : 
 string 
 , 
 "createTime" 
 : 
 string 
 , 
 "complianceRequirements" 
 : 
 { 
 object (  ComplianceRequirements 
 
) 
 } 
 , 
 "instanceConfig" 
 : 
 { 
 object (  InstanceConfig 
 
) 
 } 
 , 
 "frontendPathConfigs" 
 : 
 [ 
 { 
 object (  FrontendPathConfig 
 
) 
 } 
 ] 
 }
    Fields
    name

    string

    Identifier. The resource name of this instance. Format: projects/{project}/locations/{location}/instances/{instance}

    state

    enum ( State )

    Output only. The state of the instance.
    purgeTime

    string ( Timestamp format)

    Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted.

    Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    deleteTime

    string ( Timestamp format)

    Output only. The time at which the instance was soft-deleted.

    Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    wipeoutStatus

    enum ( WipeoutState )

    Output only. The wipeout status of the instance.
    displayName

    string

    Output only. The display name of the instance.
    secopsUrls[]

    string

    Output only. URL of the SecOps instance for the instance. https://{frontendPath}.backstory.chronicle.security

    customerCode

    string

    Output only. An acronym related to the company name.
    createTime

    string ( Timestamp format)

    Output only. The time at which the instance was created.

    Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z" , "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30" .
    complianceRequirements

    object ( ComplianceRequirements )

    Optional. Compliance requirements for the instance.
    instanceConfig

    object ( InstanceConfig )

    Optional. Instance Configs represents the features that can be enabled/disabled by the customer
    frontendPathConfigs[]

    object ( FrontendPathConfig )

    Output only. List of frontend path - workforce pool provider id configs of the instance.

    State

    The state of the instance.

    Enums
    STATE_UNSPECIFIED The default value.
    ACTIVE The instance is active.
    SOFT_DELETED The instance is soft-deleted.
    SOFT_DELETE_INITIATED The instance is in the process of being soft-deleted.
    UNDELETE_INITIATED The instance is in the process of being undeleted.

    WipeoutState

    The wipeout status of the instance.

    Enums
    WIPEOUT_STATE_UNSPECIFIED The default value.
    DELETE_REQUESTED The instance has requested deletion.
    SOFT_DELETE_IN_PROGRESS The instance is in the process of being soft-deleted.
    SOFT_DELETE_COMPLETED The instance has been soft-deleted.
    UNDELETE_REQUESTED The instance has requested undeletion.
    DATA_DELETION_IN_PROGRESS The instance is in the process of being data deleted.
    ERROR The instance has an error during wipeout.
    WIPED_OUT The instance has been wiped out.
    UNDELETE_COMPLETED The instance has been undeleted.

    ComplianceRequirements

    Compliance requirements.

    JSON representation 
     { 
 "complianceCertifications" 
 : 
 [ 
 enum (  ComplianceCertification 
 
) 
 ] 
 }
    Fields
    complianceCertifications[]

    enum ( ComplianceCertification )

    Optional. A list of compliance certifications.

    ComplianceCertification

    Compliance certifications.

    Enums
    COMPLIANCE_CERTIFICATION_UNSPECIFIED LINT.IfChange(instance-compliance-certification) Unspecified compliance certification.
    FEDRAMP_MODERATE FedRAMP Moderate.
    HIPAA HIPAA.
    PCI_DSS PCI DSS.
    FEDRAMP_HIGH FedRAMP High.
    IL4 IL4.
    IL5 IL5.
    CHRONICLE_CMEK_V1 Chronicle CMEK V1.
    DRZ_ADVANCED DRZ_ADVANCED.

    InstanceConfig

    Instance Configs represents the features that can be enabled/disabled/configured by the customer

    JSON representation 
     { 
 "secopsUiEnabled" 
 : 
 boolean 
 , 
 "dataRbacEnabled" 
 : 
 boolean 
 }
    Fields
    secopsUiEnabled

    boolean

    Optional. The desired access state (true for enabled).
    dataRbacEnabled

    boolean

    Optional. The desired access state for Data RBAC (true for enabled).

    FrontendPathConfig

    Frontend paths - workforce pool provider id mapping of the instance.

    JSON representation 
     { 
 "frontendPath" 
 : 
 string 
 , 
 "workforcePoolProviderId" 
 : 
 string 
 }
    Fields
    frontendPath

    string

    Output only. Frontend path that is part of the instance.
    workforcePoolProviderId

    string

    Output only. Workforce pool provider id connected to the frontend path. Format: locations/{location}/workforcePools/{workforce_pool_id}/providers/{providerId}

    Methods

    batchValidateWatchlistEntities

    		Validates a batch of entities that could be added into watchlist under an instance.

    computeAllFindingsRefinementActivities

    		Returns findings refinement activity for all findings refinements.

    continuePocGraduation

    		ContinuePocGraduation verifies and proceeds graduation.

    countAllCuratedRuleSetDetections

    		Count detections across all curated rule sets.

    createFeedback

    		RPC to submit user feedback on content generated by AI services.

    delete

    		DeleteInstance deletes an Instance.

    extractSyslog

    		ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it.

    fetchFederationAccess

    		FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances.

    findEntity

    		Identifies the entity type and retrieves relevant data associated with a specified indicator.

    findEntityAlerts

    		Get alerts for an entity

    findRelatedEntities

    		Finds all the entities associated with provided entity.

    findUdmFieldValues

    		Finds ingested UDM field values that match a query.

    generateCollectionAgentAuth

    		GenerateCollectionAgentAuth generates an auth json file for the collection agent.

    generateSoarAuthJwt

    		GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar.

    generateSoarChatMessage

    		Generates a SOAR chat message based on the given intent.

    generateUdmKeyValueMappings

    		GenerateUDMKeyValueMappings generates key value mapping of a raw log.

    generateWorkspaceConnectionToken

    		Generates a token that can be used to connect a workspace customer to a chronicle instance

    get

    		Gets a Instance.

    getBigQueryExport

    		Get the BigQuery export configuration for a Chronicle instance.

    getEnrichmentCombination

    		Get the EnrichmentCombination.

    getMultitenantDirectory

    		Gets the super and subtenants and gets the current tenant name.

    getRiskConfig

    		Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score.

    getThreatCollectionFilterSet

    		Get the set of threat collection filter options.

    graduatePocInstance

    		GraduatePocInstance graduates an instance.

    legacyCaseFederationPlatforms

    		Legacy endpoint for listing case federation platforms.

    legacySystemMetadata

    		Legacy Get System Metadata.

    listAllFindingsRefinementDeployments

    		Lists all findings refinement deployments.

    patch

    		Updates an Instance.

    queryProductSourceStats

    		Gets available product sources along with their stats.

    searchEntities

    		Identifies the entity type and retrieves relevant data associated with a specified indicator.

    searchRawLogs

    		Api to get events, entities, or unparsed raw logs matching the given raw log query.

    submitResponseFeedback

    		Submits a Response Feedback.

    summarizeEntitiesFromQuery

    		Parses the query and identifies the entities contained within the search query.

    summarizeEntity

    		Returns all entity data over specified time.

    testFindingsRefinement

    		Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created.

    translateUdmQuery

    		Translate natural language to a UDM Search query.

    translateYlRule

    		Translate natural language to a Yara-L rule.

    udmSearch

    		Performs a UDM search that returns matching events for the query.

    undelete

    		UndeleteInstance undeletes a soft-deleted Instance.

    updateBigQueryExport

    		Update the BigQuery export configuration for a Chronicle instance.

    updateRiskConfig

    		Updates RiskConfig used for the computation of Entity Risk Score.

    validateQuery

    		Validates UDM search query by compiling the query.

    verifyNonce

    		Verifies the nonce used to graduate an instance.

    verifyReferenceList

    		VerifyReferenceList validates list content and returns line errors, if any.

    verifyRuleText

    		Verifies the given rule text.
    Design a Mobile Site
    View Site in Mobile | Classic
    Share by: