REST Resource: projects.locations.instances
Resource: Instance
A Instance represents an instantiation of the Instance product.
| JSON representation |
|---|
{"name":string,"state":enum ( |
| Fields | |
|---|---|
name |
Identifier. The resource name of this instance. Format: |
state |
Output only. The state of the instance. |
purgeTime |
Output only. The earliest time that soft-deleted tenants will be permanently deleted and will no longer be able to be undeleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
deleteTime |
Output only. The time at which the instance was soft-deleted. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
wipeoutStatus |
Output only. The wipeout status of the instance. |
displayName |
Output only. The display name of the instance. |
secopsUrls[] |
Output only. URL of the SecOps instance for the instance.https://{frontendPath}.backstory.chronicle.security |
customerCode |
Output only. An acronym related to the company name. |
createTime |
Output only. The time at which the instance was created. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: |
complianceRequirements |
Optional. Compliance requirements for the instance. |
instanceConfig |
Optional. Instance Configs represents the features that can be enabled/disabled by the customer |
frontendPathConfigs[] |
Output only. List of frontend path - workforce pool provider id configs of the instance. |
WipeoutState
The wipeout status of the instance.
| Enums | |
|---|---|
WIPEOUT_STATE_UNSPECIFIED | The default value. |
DELETE_REQUESTED | The instance has requested deletion. |
SOFT_DELETE_IN_PROGRESS | The instance is in the process of being soft-deleted. |
SOFT_DELETE_COMPLETED | The instance has been soft-deleted. |
UNDELETE_REQUESTED | The instance has requested undeletion. |
DATA_DELETION_IN_PROGRESS | The instance is in the process of being data deleted. |
ERROR | The instance has an error during wipeout. |
WIPED_OUT | The instance has been wiped out. |
UNDELETE_COMPLETED | The instance has been undeleted. |
ComplianceRequirements
Compliance requirements.
| JSON representation |
|---|
{"complianceCertifications":[enum ( |
| Fields | |
|---|---|
complianceCertifications[] |
Optional. A list of compliance certifications. |
ComplianceCertification
Compliance certifications.
| Enums | |
|---|---|
COMPLIANCE_CERTIFICATION_UNSPECIFIED | LINT.IfChange(instance-compliance-certification) Unspecified compliance certification. |
FEDRAMP_MODERATE | FedRAMP Moderate. |
HIPAA | HIPAA. |
PCI_DSS | PCI DSS. |
FEDRAMP_HIGH | FedRAMP High. |
IL4 | IL4. |
IL5 | IL5. |
CHRONICLE_CMEK_V1 | Chronicle CMEK V1. |
DRZ_ADVANCED | DRZ_ADVANCED. |
EU_DATA_BOUNDARY | EU Data Boundary. |
REGIONAL_DATA_BOUNDARY | Regional Data Boundary. |
InstanceConfig
Instance Configs represents the features that can be enabled/disabled/configured by the customer
| JSON representation |
|---|
{"secopsUiEnabled":boolean,"dataRbacEnabled":boolean,"triageAgentEnabled":boolean} |
| Fields | |
|---|---|
secopsUiEnabled |
Optional. The desired access state (true for enabled). |
dataRbacEnabled |
Optional. The desired access state for Data RBAC (true for enabled). |
triageAgentEnabled |
Optional. The desired access state for Triage Agent (true for enabled). |
Methods | |
|---|---|
| Validates a batch of entities that could be added into watchlist under an instance. |
| Returns findings refinement activity for all findings refinements. |
| ContinuePocGraduation verifies and proceeds graduation. |
| Count detections across all curated rule sets. |
| RPC to submit user feedback on content generated by AI services. |
| DeleteInstance deletes an Instance. |
| ExtractSyslog extracts structured part of log from a unstructured log by running a grok regex over it. |
| FetchFederationAccess method lists all the instances the authenticated user has access to and the operations they can perform over these instances. |
| Identifies the entity type and retrieves relevant data associated with a specified indicator. |
| Get alerts for an entity. |
| Finds all the entities associated with provided entity. |
| Finds ingested UDM field values that match a query. |
| GenerateCollectionAgentAuth generates an auth json file for the collection agent. |
| GenerateSoarAuthJwt signs a jwt in order to proceed with jwt exchange based authenticate with soar. |
| Generates an AI-driven chat response based on a specific security intent. |
| GenerateUDMKeyValueMappings generates key value mapping of a raw log. |
| Generates a token that can be used to connect a workspace customer to a chronicle instance |
| Gets a Instance. |
| GetAgentSettings gets the agent settings for an instance. |
| Get the BigQuery export configuration for a Chronicle instance. |
| Get the EnrichmentCombination. |
| Gets the ManagedDomainSettings singleton for a customer. |
| Gets the super and subtenants and gets the current tenant name. |
| Queries the instance to get the Risk Configurations used for the computation of Entity Risk Score. |
| Get the set of threat collection filter options. |
| GraduatePocInstance graduates an instance. |
| Lists all LegacyCaseFederationPlatforms configured in the primary instance. |
| Legacy Get System Metadata. |
| Lists all findings refinement deployments. |
| Updates an Instance. |
| Gets available product sources along with their stats. |
| Identifies the entity type and retrieves relevant data associated with a specified indicator. |
| Api to get events, entities, or unparsed raw logs matching the given raw log query. |
| Submits user feedback for a specific platform interaction or feature. |
| Parses the query and identifies the entities contained within the search query. |
| Returns all entity data over specified time. |
| Tests for and returns past activity for a findings refinement, including, potentially, times when the findings refinement was not yet created. |
| Translate natural language to a UDM Search query. |
| Translate natural language to a Yara-L rule. |
| Performs a UDM search that returns matching events for the query. |
| UndeleteInstance undeletes a soft-deleted Instance. |
| UpdateAgentSettings updates the agent settings for an instance. |
| Update the BigQuery export configuration for a Chronicle instance. |
| Updates RiskConfig used for the computation of Entity Risk Score. |
| Validates UDM search query by compiling the query. |
| Verifies the nonce used to graduate an instance. |
| VerifyReferenceList validates list content and returns line errors, if any. |
| Verifies the given rule text. |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-13 UTC.