Full name: projects.locations.instances.investigations.transitionReviewState
investigations.transitionReviewState is used to update the review state of an investigation.
HTTP request
POST https://{endpoint}/v1alpha/{name}:transitionReviewState
Where {endpoint} is one of the supported service endpoints.
Path parameters
| Parameters | |
|---|---|
name |
Required. The name of the investigation to update. Format: projects/{project}/locations/{location}/instances/{instance}/investigations/{investigation} {project} is the GCP project number. {location} is the GCP region (e.g., "us", "europe"). {instance} is the Chronicle instance UUID. {investigation} is the investigation ID (UUID). |
Request body
The request body contains data with the following structure:
| JSON representation |
|---|
{ "reviewed": boolean } |
| Fields | |
|---|---|
reviewed |
Required. Indicates whether the investigation review is complete. This field is only relevant for MTD investigations. |
Response body
If successful, the response body contains an instance of Investigation.
Authorization scopes
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-platformhttps://www.googleapis.com/auth/chroniclehttps://www.googleapis.com/auth/chronicle.readonly
For more information, see the Authentication Overview.
IAM Permissions
Requires the following IAM permission on the name resource:
chronicle.investigations.transitionReviewState
For more information, see the IAM documentation.