Method: iocs.findFirstAndLastSeen

Full name: projects.locations.instances.iocs.findFirstAndLastSeen

FindFirstAndLastSeen for an Ioc.

HTTP request

GET https://chronicle.googleapis.com/v1alpha/{name}:findFirstAndLastSeen

Path parameters

Parameters
name

string

Required. projects/{project}/locations/{location}/instances/{instance}/iocs/{ioc}

Query parameters

Parameters
artifactIndicator

object (IocArtifactIndicator)

Required. An indicator to identify an artifact. Artifact indicator can be one of domain name, destination ip address, md5 hash, sha1 hash, or sha256 hash.

Request body

The request body must be empty.

Response body

Response message to find first and last seen of an Ioc

If successful, the response body contains data with the following structure:

JSON representation 
{
  "first_seen_time": string,
  "last_seen_time": string
}
Fields
first_seen_time

string (Timestamp format)

First seen timestamp of an Ioc in the corporation

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".
last_seen_time

string (Timestamp format)

Last seen timestamp of an Ioc in the corporation

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

Authorization scopes

Requires the following OAuth scope:

  • https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.