Method: legacy.legacyUpdateAlert

HTTP request
Path parameters
Request body
- JSON representation
Response body
Authorization scopes
IAM Permissions
LegacyFeedback
- JSON representation
Try it!

Full name: projects.locations.instances.legacy.legacyUpdateAlert

Legacy endpoint for updating an alert.

HTTP request

POST https://chronicle.googleapis.com/v1alpha/{instance}/legacy:legacyUpdateAlert

Path parameters

Parameters

Parameters
`instance`	`string` Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

instance

string

Required. Chronicle instance this request is sent to. Format: projects/{project}/locations/{location}/instances/{instance}

Request body

The request body contains data with the following structure:

JSON representation
{ "alert_id": string, "feedback": { object (`LegacyFeedback`) } }

Fields

Fields
`alert_id`	`string` Required. The id of the alert.
`feedback`	`object (LegacyFeedback)` Required. The analyst-supplied feedback on the alert.

alert_id

string

Required. The id of the alert.

feedback

object (LegacyFeedback)

Required. The analyst-supplied feedback on the alert.

Response body

If successful, the response body contains an instance of Collection.

Authorization scopes

Requires the following OAuth scope:

https://www.googleapis.com/auth/cloud-platform

For more information, see the Authentication Overview.

IAM Permissions

Requires the following IAM permission on the instance resource:

chronicle.legacies.legacyUpdateAlert

For more information, see the IAM documentation.

LegacyFeedback

A piece of user feedback on an alert. NEXT TAG: 15

JSON representation

JSON representation
{ "idp_user_id": string, "create_time": string, "verdict": enum (`Verdict`), "reputation": enum (`Reputation`), "confidence_score": integer, "risk_score": integer, "disregarded": boolean, "severity": integer, "comment": string, "status": enum (`Status`), "priority": enum (`Priority`), "root_cause": string, "reason": enum (`Reason`), "severity_display": string }

{
  "idp_user_id": string,
  "create_time": string,
  "verdict": enum (Verdict),
  "reputation": enum (Reputation),
  "confidence_score": integer,
  "risk_score": integer,
  "disregarded": boolean,
  "severity": integer,
  "comment": string,
  "status": enum (Status),
  "priority": enum (Priority),
  "root_cause": string,
  "reason": enum (Reason),
  "severity_display": string
}

Fields
`idp_user_id`	`string` Readonly. The unique identifier supplied by the customer's identity provider (IDP) for the user that provided the feedback.
`create_time`	`string (Timestamp format)` Readonly. The time when the user submitted the feedback. Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`verdict`	`enum (Verdict)` A verdict on whether the finding reflects a security inc
`reputation`	`enum (Reputation)` A categorization of the finding as useful or not useful.
`confidence_score`	`integer` Confidence score (0-100) of the finding.
`risk_score`	`integer` Risk score (0-100) of the finding.
`disregarded`	`boolean` Analyst disregard (or un-disregard) the event.
`severity`	`integer` Severity score (1-100) of the finding.
`comment`	`string` Analyst comment.
`status`	`enum (Status)` Alert status.
`priority`	`enum (Priority)` Alert priority.
`root_cause`	`string` Alert root cause.
`reason`	`enum (Reason)` Reason for closing an Alert.
`severity_display`	`string` Severity display name for UI and filtering.