Help Testing legacySearchArtifact Endpoint – Asset Data Visible in Dashboard, but Empty API Response

Hi Community,

I'm currently working with the legacySearchArtifactEvents endpoint in Google SecOps and have been tasked with validating its functionality through a script. While we are able to see asset-related data in the SecOps Dashboard, our script calling the legacySearchArtifactEvents API is returning an empty response. Currently, I'm sending these artifacts to the endpoint one at a time: {domain, destination_ip_address, hash_sha256}

These are things we have tried:
  1. Fetched assets present in events from SIEM search tab
  2. Fetched assets related to events in IOC matches tab

Could you please help clarify the following:

  1. How can we ingest or simulate asset data into our tenant in a way that ensures it becomes queryable by the API?

  2. If there's relevant documentation or example API calls/payloads, please share a reference.

We’re trying to understand the gap between what’s shown in the UI and what’s returned from the endpoint, so any insight would be much appreciated.

Best regards,
Vishnu


ErikaB
Community Manager

Hi @vishnusoni

While I don't have a detailed solution for your specific question, you asked about relevant documentation. Here is a resource that might offer some immediate assistance and clarification regarding APIs in Google SecOps: https://cloud.google.com/chronicle/docs/reference/search-api