Method: legacy.legacyFindAssetEvents

Full name: projects.locations.instances.legacy.legacyFindAssetEvents

Legacy endpoint for getting events for an asset indicator.

GET https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyFindAssetEvents

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Parameters
`assetIndicator`	`object (AssetIndicator)` Required. The asset to return events for.
`referenceTime`	`string (Timestamp format)` The time used to alias indicator and fetch results of the asset. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`timeRange`	`object (Interval)` Required. The time range of the events to return [inclusive start time, exclusive end time).
`maxResults`	`integer` The maximum number of events to return. The service may return fewer than this value. If unspecified, at most 10,000 events will be returned. The maximum value is 250,000; values above that will be coerced to 250,000.

The request body must be empty.

Response message for LegacyFindAssetEvents, containing all events related to an asset in a particular timeframe.

If successful, the response body contains data with the following structure:

JSON representation
{ "events": [ { object (`UDM`) } ], "more_data_available": boolean, "uri": [ string ] }

Fields

Fields
`events[]`	`object (UDM)` A list of events, sorted in ascending order of timestamp.
`more_data_available`	`boolean` Indicates that more data was available but not sent due to more hits than max_results.
`uri[]`	`string` URLs that direct into the Backstory UI.

events[]

object (UDM)

A list of events, sorted in ascending order of timestamp.

more_data_available

boolean

Indicates that more data was available but not sent due to more hits than max_results.

uri[]

string

URLs that direct into the Backstory UI.

Requires the following OAuth scope:

For more information, see the Authentication Overview.

Requires the following IAM permission on the instance resource:

For more information, see the IAM documentation.