get_ioc_matches
Retrieve Indicator of Compromise (IoC) matches from Chronicle for a specified lookback window, project and customer, to surface potential security threats.
Instructions
Get Indicator of Compromise (IoC) matches from Chronicle.
Args:
project_id: Google Cloud project ID (defaults to config)
customer_id: Chronicle customer ID (defaults to config)
hours_back: How many hours to look back (default: 24)
max_matches: Maximum number of matches to return (default: 20)
region: Chronicle region (defaults to config)
Returns:
Formatted string with IoC matches
Input Schema
Name | Required | Description | Default |
---|---|---|---|
customer_id | No | Chronicle customer ID | from config |
hours_back | No | How many hours to look back | 24 |
max_matches | No | Maximum number of matches to return | 20 |
project_id | No | Google Cloud project ID | from config |
region | No | Chronicle region | from config |
Input Schema (JSON Schema)
{
  "properties": {
    "customer_id": {
      "default": null,
      "title": "Customer Id",
      "type": "string"
    },
    "hours_back": {
      "default": 24,
      "title": "Hours Back",
      "type": "integer"
    },
    "max_matches": {
      "default": 20,
      "title": "Max Matches",
      "type": "integer"
    },
    "project_id": {
      "default": null,
      "title": "Project Id",
      "type": "string"
    },
    "region": {
      "default": null,
      "title": "Region",
      "type": "string"
    }
  },
  "title": "get_ioc_matchesArguments",
  "type": "object"
}
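The Args section and the JSON schema above together define what a caller may pass to get_ioc_matches. Note that the three config-backed fields (project_id, customer_id, region) carry `"default": null` while being typed `"string"`: a null is not a string, so the intended contract is that the client omits the key and the server falls back to its configuration rather than sending null. The following is an added example, not code from the tool or its project: a small client-side validator that embeds the published schema, applies the defaults, rejects unknown keys and wrong types, and shows how hours_back would translate into a concrete UTC lookback window. The window calculation and the upper bound on hours_back are assumptions made here, not behaviour the tool page documents.

```python
"""Client-side argument checking for the get_ioc_matches tool.

Added example; not part of the tool's own code. The schema dict is copied
from the tool page. MAX_HOURS_BACK and lookback_window() are assumptions.
"""
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Input schema exactly as published on the tool page.
GET_IOC_MATCHES_SCHEMA = {
    "properties": {
        "customer_id": {"default": None, "title": "Customer Id", "type": "string"},
        "hours_back": {"default": 24, "title": "Hours Back", "type": "integer"},
        "max_matches": {"default": 20, "title": "Max Matches", "type": "integer"},
        "project_id": {"default": None, "title": "Project Id", "type": "string"},
        "region": {"default": None, "title": "Region", "type": "string"},
    },
    "title": "get_ioc_matchesArguments",
    "type": "object",
}

# JSON Schema primitive names used by this schema -> Python types.
_TYPES = {"string": str, "integer": int}

# Assumed local policy (not from the schema): cap the lookback so a
# prompt-driven caller cannot request an unbounded retro-hunt.
MAX_HOURS_BACK = 24 * 30


def validate_args(args: dict, schema: dict = GET_IOC_MATCHES_SCHEMA) -> dict:
    """Return a normalised argument dict or raise ValueError.

    Unknown keys are rejected, schema defaults are applied and types are
    checked. A None default means "defer to server configuration", so that
    key is left out of the result rather than sent as null.
    """
    props = schema["properties"]
    unknown = set(args) - set(props)
    if unknown:
        raise ValueError(f"unknown arguments: {sorted(unknown)}")

    out = {}
    for name, spec in props.items():
        value = args.get(name, spec.get("default"))
        if value is None:
            continue  # project_id / customer_id / region fall back to config
        expected = _TYPES[spec["type"]]
        # bool is a subclass of int in Python; do not accept True as 1.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise ValueError(
                f"{name}: expected {spec['type']}, got {type(value).__name__}"
            )
        out[name] = value

    # Range checks beyond what the schema expresses (assumed policy).
    if not 1 <= out["hours_back"] <= MAX_HOURS_BACK:
        raise ValueError(f"hours_back must be in 1..{MAX_HOURS_BACK}")
    if out["max_matches"] < 1:
        raise ValueError("max_matches must be positive")
    return out


def lookback_window(hours_back: int, now: Optional[datetime] = None) -> Tuple[str, str]:
    """Translate hours_back into an RFC 3339 (start, end) pair in UTC.

    Assumed here as the window a server would derive; the tool page only
    says hours_back is "how many hours to look back".
    """
    end = now or datetime.now(timezone.utc)
    start = end - timedelta(hours=hours_back)
    fmt = "%Y-%m-%dT%H:%M:%SZ"
    return start.strftime(fmt), end.strftime(fmt)


if __name__ == "__main__":
    # Constructed request, as an agent or MCP client might emit it.
    request = {"hours_back": 72, "max_matches": 5, "region": "us"}
    normalised = validate_args(request)
    print(normalised)
    print(lookback_window(normalised["hours_back"]))
```

Because the defaults for hours_back and max_matches are concrete integers, an empty request is valid and yields the documented 24-hour, 20-match query; the config-backed fields never appear in the normalised dict unless the caller sets them explicitly.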