Viewing docs for Google Cloud v9.28.0
published on Monday, Jun 22, 2026 by Pulumi
published on Monday, Jun 22, 2026 by Pulumi
Viewing docs for Google Cloud v9.28.0
published on Monday, Jun 22, 2026 by Pulumi
published on Monday, Jun 22, 2026 by Pulumi
Represents a set of logic conditions used to refine various types of findings such as curated rule detections.
Warning: This resource is in beta, and should be used with the terraform-provider-google-beta provider. See Provider Versions for more details on beta resources.
To get more information about FindingsRefinement, see:
- API documentation
- How-to Guides
Example Usage
Chronicle Findings Refinement Basic
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const findingsRefinementExample = new gcp.chronicle.FindingsRefinement("findings_refinement_example", {
location: "us",
instance: "00000000-0000-0000-0000-000000000000",
displayName: "findings_refinement_display_name",
type: "DETECTION_EXCLUSION",
query: "network.dns.response = true",
outcomeFilters: [{
outcomeVariable: "risk_score",
outcomeFilterOperator: "EQUAL",
outcomeValue: "value",
}],
});
import pulumi
import pulumi_gcp as gcp
findings_refinement_example = gcp.chronicle.FindingsRefinement("findings_refinement_example",
location="us",
instance="00000000-0000-0000-0000-000000000000",
display_name="findings_refinement_display_name",
type="DETECTION_EXCLUSION",
query="network.dns.response = true",
outcome_filters=[{
"outcome_variable": "risk_score",
"outcome_filter_operator": "EQUAL",
"outcome_value": "value",
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/chronicle"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := chronicle.NewFindingsRefinement(ctx, "findings_refinement_example", &chronicle.FindingsRefinementArgs{
Location: pulumi.String("us"),
Instance: pulumi.String("00000000-0000-0000-0000-000000000000"),
DisplayName: pulumi.String("findings_refinement_display_name"),
Type: pulumi.String("DETECTION_EXCLUSION"),
Query: pulumi.String("network.dns.response = true"),
OutcomeFilters: chronicle.FindingsRefinementOutcomeFilterArray{
&chronicle.FindingsRefinementOutcomeFilterArgs{
OutcomeVariable: pulumi.String("risk_score"),
OutcomeFilterOperator: pulumi.String("EQUAL"),
OutcomeValue: pulumi.String("value"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var findingsRefinementExample = new Gcp.Chronicle.FindingsRefinement("findings_refinement_example", new()
{
Location = "us",
Instance = "00000000-0000-0000-0000-000000000000",
DisplayName = "findings_refinement_display_name",
Type = "DETECTION_EXCLUSION",
Query = "network.dns.response = true",
OutcomeFilters = new[]
{
new Gcp.Chronicle.Inputs.FindingsRefinementOutcomeFilterArgs
{
OutcomeVariable = "risk_score",
OutcomeFilterOperator = "EQUAL",
OutcomeValue = "value",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.chronicle.FindingsRefinement;
import com.pulumi.gcp.chronicle.FindingsRefinementArgs;
import com.pulumi.gcp.chronicle.inputs.FindingsRefinementOutcomeFilterArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var findingsRefinementExample = new FindingsRefinement("findingsRefinementExample", FindingsRefinementArgs.builder()
.location("us")
.instance("00000000-0000-0000-0000-000000000000")
.displayName("findings_refinement_display_name")
.type("DETECTION_EXCLUSION")
.query("network.dns.response = true")
.outcomeFilters(FindingsRefinementOutcomeFilterArgs.builder()
.outcomeVariable("risk_score")
.outcomeFilterOperator("EQUAL")
.outcomeValue("value")
.build())
.build());
}
}
resources:
findingsRefinementExample:
type: gcp:chronicle:FindingsRefinement
name: findings_refinement_example
properties:
location: us
instance: 00000000-0000-0000-0000-000000000000
displayName: findings_refinement_display_name
type: DETECTION_EXCLUSION
query: network.dns.response = true
outcomeFilters:
- outcomeVariable: risk_score
outcomeFilterOperator: EQUAL
outcomeValue: value
pulumi {
required_providers {
gcp = {
source = "pulumi/gcp"
}
}
}
resource "gcp_chronicle_findingsrefinement" "findings_refinement_example" {
location = "us"
instance = "00000000-0000-0000-0000-000000000000"
display_name = "findings_refinement_display_name"
type = "DETECTION_EXCLUSION"
query = "network.dns.response = true"
outcome_filters {
outcome_variable = "risk_score"
outcome_filter_operator = "EQUAL"
outcome_value = "value"
}
}
Chronicle Findings Refinement Full
import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
const findingsRefinementExample = new gcp.chronicle.FindingsRefinement("findings_refinement_example", {
location: "us",
instance: "00000000-0000-0000-0000-000000000000",
displayName: "findings_refinement_display_name",
type: "DETECTION_EXCLUSION",
query: "network.dns.response = true",
outcomeFilters: [{
outcomeVariable: "network.dns.response = true",
outcomeFilterOperator: "EQUAL",
outcomeValue: "value1",
}],
});
import pulumi
import pulumi_gcp as gcp
findings_refinement_example = gcp.chronicle.FindingsRefinement("findings_refinement_example",
location="us",
instance="00000000-0000-0000-0000-000000000000",
display_name="findings_refinement_display_name",
type="DETECTION_EXCLUSION",
query="network.dns.response = true",
outcome_filters=[{
"outcome_variable": "network.dns.response = true",
"outcome_filter_operator": "EQUAL",
"outcome_value": "value1",
}])
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v9/go/gcp/chronicle"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := chronicle.NewFindingsRefinement(ctx, "findings_refinement_example", &chronicle.FindingsRefinementArgs{
Location: pulumi.String("us"),
Instance: pulumi.String("00000000-0000-0000-0000-000000000000"),
DisplayName: pulumi.String("findings_refinement_display_name"),
Type: pulumi.String("DETECTION_EXCLUSION"),
Query: pulumi.String("network.dns.response = true"),
OutcomeFilters: chronicle.FindingsRefinementOutcomeFilterArray{
&chronicle.FindingsRefinementOutcomeFilterArgs{
OutcomeVariable: pulumi.String("network.dns.response = true"),
OutcomeFilterOperator: pulumi.String("EQUAL"),
OutcomeValue: pulumi.String("value1"),
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
return await Deployment.RunAsync(() =>
{
var findingsRefinementExample = new Gcp.Chronicle.FindingsRefinement("findings_refinement_example", new()
{
Location = "us",
Instance = "00000000-0000-0000-0000-000000000000",
DisplayName = "findings_refinement_display_name",
Type = "DETECTION_EXCLUSION",
Query = "network.dns.response = true",
OutcomeFilters = new[]
{
new Gcp.Chronicle.Inputs.FindingsRefinementOutcomeFilterArgs
{
OutcomeVariable = "network.dns.response = true",
OutcomeFilterOperator = "EQUAL",
OutcomeValue = "value1",
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.chronicle.FindingsRefinement;
import com.pulumi.gcp.chronicle.FindingsRefinementArgs;
import com.pulumi.gcp.chronicle.inputs.FindingsRefinementOutcomeFilterArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var findingsRefinementExample = new FindingsRefinement("findingsRefinementExample", FindingsRefinementArgs.builder()
.location("us")
.instance("00000000-0000-0000-0000-000000000000")
.displayName("findings_refinement_display_name")
.type("DETECTION_EXCLUSION")
.query("network.dns.response = true")
.outcomeFilters(FindingsRefinementOutcomeFilterArgs.builder()
.outcomeVariable("network.dns.response = true")
.outcomeFilterOperator("EQUAL")
.outcomeValue("value1")
.build())
.build());
}
}
resources:
findingsRefinementExample:
type: gcp:chronicle:FindingsRefinement
name: findings_refinement_example
properties:
location: us
instance: 00000000-0000-0000-0000-000000000000
displayName: findings_refinement_display_name
type: DETECTION_EXCLUSION
query: network.dns.response = true
outcomeFilters:
- outcomeVariable: network.dns.response = true
outcomeFilterOperator: EQUAL
outcomeValue: value1
pulumi {
required_providers {
gcp = {
source = "pulumi/gcp"
}
}
}
resource "gcp_chronicle_findingsrefinement" "findings_refinement_example" {
location = "us"
instance = "00000000-0000-0000-0000-000000000000"
display_name = "findings_refinement_display_name"
type = "DETECTION_EXCLUSION"
query = "network.dns.response = true"
outcome_filters {
outcome_variable = "network.dns.response = true"
outcome_filter_operator = "EQUAL"
outcome_value = "value1"
}
}
Create FindingsRefinement Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new FindingsRefinement(name: string, args: FindingsRefinementArgs, opts?: CustomResourceOptions);@overload
def FindingsRefinement(resource_name: str,
args: FindingsRefinementArgs,
opts: Optional[ResourceOptions] = None)
@overload
def FindingsRefinement(resource_name: str,
opts: Optional[ResourceOptions] = None,
instance: Optional[str] = None,
location: Optional[str] = None,
display_name: Optional[str] = None,
outcome_filters: Optional[Sequence[FindingsRefinementOutcomeFilterArgs]] = None,
project: Optional[str] = None,
query: Optional[str] = None,
type: Optional[str] = None)func NewFindingsRefinement(ctx *Context, name string, args FindingsRefinementArgs, opts ...ResourceOption) (*FindingsRefinement, error)public FindingsRefinement(string name, FindingsRefinementArgs args, CustomResourceOptions? opts = null)
public FindingsRefinement(String name, FindingsRefinementArgs args)
public FindingsRefinement(String name, FindingsRefinementArgs args, CustomResourceOptions options)
type: gcp:chronicle:FindingsRefinement
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "gcp_chronicle_findingsrefinement" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args FindingsRefinementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FindingsRefinementArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FindingsRefinementArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FindingsRefinementArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FindingsRefinementArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var findingsRefinementResource = new Gcp.Chronicle.FindingsRefinement("findingsRefinementResource", new()
{
Instance = "string",
Location = "string",
DisplayName = "string",
OutcomeFilters = new[]
{
new Gcp.Chronicle.Inputs.FindingsRefinementOutcomeFilterArgs
{
OutcomeFilterOperator = "string",
OutcomeValue = "string",
OutcomeVariable = "string",
},
},
Project = "string",
Query = "string",
Type = "string",
});
example, err := chronicle.NewFindingsRefinement(ctx, "findingsRefinementResource", &chronicle.FindingsRefinementArgs{
Instance: pulumi.String("string"),
Location: pulumi.String("string"),
DisplayName: pulumi.String("string"),
OutcomeFilters: chronicle.FindingsRefinementOutcomeFilterArray{
&chronicle.FindingsRefinementOutcomeFilterArgs{
OutcomeFilterOperator: pulumi.String("string"),
OutcomeValue: pulumi.String("string"),
OutcomeVariable: pulumi.String("string"),
},
},
Project: pulumi.String("string"),
Query: pulumi.String("string"),
Type: pulumi.String("string"),
})
resource "gcp_chronicle_findingsrefinement" "findingsRefinementResource" {
instance = "string"
location = "string"
display_name = "string"
outcome_filters {
outcome_filter_operator = "string"
outcome_value = "string"
outcome_variable = "string"
}
project = "string"
query = "string"
type = "string"
}
var findingsRefinementResource = new FindingsRefinement("findingsRefinementResource", FindingsRefinementArgs.builder()
.instance("string")
.location("string")
.displayName("string")
.outcomeFilters(FindingsRefinementOutcomeFilterArgs.builder()
.outcomeFilterOperator("string")
.outcomeValue("string")
.outcomeVariable("string")
.build())
.project("string")
.query("string")
.type("string")
.build());
findings_refinement_resource = gcp.chronicle.FindingsRefinement("findingsRefinementResource",
instance="string",
location="string",
display_name="string",
outcome_filters=[{
"outcome_filter_operator": "string",
"outcome_value": "string",
"outcome_variable": "string",
}],
project="string",
query="string",
type="string")
const findingsRefinementResource = new gcp.chronicle.FindingsRefinement("findingsRefinementResource", {
instance: "string",
location: "string",
displayName: "string",
outcomeFilters: [{
outcomeFilterOperator: "string",
outcomeValue: "string",
outcomeVariable: "string",
}],
project: "string",
query: "string",
type: "string",
});
type: gcp:chronicle:FindingsRefinement
properties:
displayName: string
instance: string
location: string
outcomeFilters:
- outcomeFilterOperator: string
outcomeValue: string
outcomeVariable: string
project: string
query: string
type: string
FindingsRefinement Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The FindingsRefinement resource accepts the following input properties:
- Instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Display
Name string - Display name of the findings refinement.
- Outcome
Filters List<FindingsRefinement Outcome Filter> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- Type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- Instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Display
Name string - Display name of the findings refinement.
- Outcome
Filters []FindingsRefinement Outcome Filter Args - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- Type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - display_
name string - Display name of the findings refinement.
- outcome_
filters list(object) - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- instance String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - display
Name String - Display name of the findings refinement.
- outcome
Filters List<FindingsRefinement Outcome Filter> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query String
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type String
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - display
Name string - Display name of the findings refinement.
- outcome
Filters FindingsRefinement Outcome Filter[] - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- instance str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - display_
name str - Display name of the findings refinement.
- outcome_
filters Sequence[FindingsRefinement Outcome Filter Args] - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query str
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type str
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- instance String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - display
Name String - Display name of the findings refinement.
- outcome
Filters List<Property Map> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query String
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type String
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
Outputs
All input properties are implicitly available as output properties. Additionally, the FindingsRefinement resource produces the following output properties:
- Create
Time string - The timestamp of when the findings refinement was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- Update
Time string - The timestamp of when the findings refinement was last updated.
- Create
Time string - The timestamp of when the findings refinement was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- Update
Time string - The timestamp of when the findings refinement was last updated.
- create_
time string - The timestamp of when the findings refinement was created.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- update_
time string - The timestamp of when the findings refinement was last updated.
- create
Time String - The timestamp of when the findings refinement was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- update
Time String - The timestamp of when the findings refinement was last updated.
- create
Time string - The timestamp of when the findings refinement was created.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- update
Time string - The timestamp of when the findings refinement was last updated.
- create_
time str - The timestamp of when the findings refinement was created.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- update_
time str - The timestamp of when the findings refinement was last updated.
- create
Time String - The timestamp of when the findings refinement was created.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- update
Time String - The timestamp of when the findings refinement was last updated.
Look up Existing FindingsRefinement Resource
Get an existing FindingsRefinement resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FindingsRefinementState, opts?: CustomResourceOptions): FindingsRefinement@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
create_time: Optional[str] = None,
display_name: Optional[str] = None,
instance: Optional[str] = None,
location: Optional[str] = None,
name: Optional[str] = None,
outcome_filters: Optional[Sequence[FindingsRefinementOutcomeFilterArgs]] = None,
project: Optional[str] = None,
query: Optional[str] = None,
type: Optional[str] = None,
update_time: Optional[str] = None) -> FindingsRefinementfunc GetFindingsRefinement(ctx *Context, name string, id IDInput, state *FindingsRefinementState, opts ...ResourceOption) (*FindingsRefinement, error)public static FindingsRefinement Get(string name, Input<string> id, FindingsRefinementState? state, CustomResourceOptions? opts = null)public static FindingsRefinement get(String name, Output<String> id, FindingsRefinementState state, CustomResourceOptions options)resources: _: type: gcp:chronicle:FindingsRefinement get: id: ${id}import {
to = gcp_chronicle_findingsrefinement.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Create
Time string - The timestamp of when the findings refinement was created.
- Display
Name string - Display name of the findings refinement.
- Instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- Outcome
Filters List<FindingsRefinement Outcome Filter> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- Type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- Update
Time string - The timestamp of when the findings refinement was last updated.
- Create
Time string - The timestamp of when the findings refinement was created.
- Display
Name string - Display name of the findings refinement.
- Instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - Name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- Outcome
Filters []FindingsRefinement Outcome Filter Args - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- Project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- Query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- Type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- Update
Time string - The timestamp of when the findings refinement was last updated.
- create_
time string - The timestamp of when the findings refinement was created.
- display_
name string - Display name of the findings refinement.
- instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- outcome_
filters list(object) - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- update_
time string - The timestamp of when the findings refinement was last updated.
- create
Time String - The timestamp of when the findings refinement was created.
- display
Name String - Display name of the findings refinement.
- instance String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - name String
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- outcome
Filters List<FindingsRefinement Outcome Filter> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query String
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type String
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- update
Time String - The timestamp of when the findings refinement was last updated.
- create
Time string - The timestamp of when the findings refinement was created.
- display
Name string - Display name of the findings refinement.
- instance string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location string
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - name string
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- outcome
Filters FindingsRefinement Outcome Filter[] - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project string
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query string
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type string
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- update
Time string - The timestamp of when the findings refinement was last updated.
- create_
time str - The timestamp of when the findings refinement was created.
- display_
name str - Display name of the findings refinement.
- instance str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location str
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - name str
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- outcome_
filters Sequence[FindingsRefinement Outcome Filter Args] - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project str
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query str
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type str
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- update_
time str - The timestamp of when the findings refinement was last updated.
- create
Time String - The timestamp of when the findings refinement was created.
- display
Name String - Display name of the findings refinement.
- instance String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - location String
- Resource ID segment making up resource
name. It identifies the resource within its parent collection as described in https://google.aip.dev/122. - name String
- Full resource name for the findings refinement. Format: projects/{project}/locations/{location}/instances/{instance}/findingsRefinements/{findings_refinement}
- outcome
Filters List<Property Map> - The outcome filters for the findings refinement. These allow you to specify filters that are applied to the outcome variables in the detection. All filters must be true for a detection to match the findings refinement. Structure is documented below.
- project String
- The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
- query String
- The query for the findings refinement. Works in conjunction with the type field to determine the findings refinement behavior. The syntax of this query is the same as a UDM search string. See the following for more information: https://cloud.google.com/chronicle/docs/investigation/udm-search
- type String
- DETECTION_EXCLUSION is the only supported type of findings refinement. Possible values: DETECTION_EXCLUSION
- update
Time String - The timestamp of when the findings refinement was last updated.
Supporting Types
FindingsRefinementOutcomeFilter, FindingsRefinementOutcomeFilterArgs
- Outcome
Filter stringOperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- Outcome
Value string - The value of the outcome variable to match.
- Outcome
Variable string - The outcome variable name.
- Outcome
Filter stringOperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- Outcome
Value string - The value of the outcome variable to match.
- Outcome
Variable string - The outcome variable name.
- outcome_
filter_ stringoperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- outcome_
value string - The value of the outcome variable to match.
- outcome_
variable string - The outcome variable name.
- outcome
Filter StringOperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- outcome
Value String - The value of the outcome variable to match.
- outcome
Variable String - The outcome variable name.
- outcome
Filter stringOperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- outcome
Value string - The value of the outcome variable to match.
- outcome
Variable string - The outcome variable name.
- outcome_
filter_ stroperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- outcome_
value str - The value of the outcome variable to match.
- outcome_
variable str - The outcome variable name.
- outcome
Filter StringOperator - The operator to be applied to the outcome variable. Possible values: EQUAL CONTAINS MATCHES_REGEX MATCHES_CIDR
- outcome
Value String - The value of the outcome variable to match.
- outcome
Variable String - The outcome variable name.
Import
FindingsRefinement can be imported using any of these accepted formats:
projects/{{project}}/locations/{{location}}/instances/{{instance}}/findingsRefinements/{{name}}{{project}}/{{location}}/{{instance}}/{{name}}{{location}}/{{instance}}/{{name}}
When using the pulumi import command, FindingsRefinement can be imported using one of the formats above. For example:
$ pulumi import gcp:chronicle/findingsRefinement:FindingsRefinement default projects/{{project}}/locations/{{location}}/instances/{{instance}}/findingsRefinements/{{name}}
$ pulumi import gcp:chronicle/findingsRefinement:FindingsRefinement default {{project}}/{{location}}/{{instance}}/{{name}}
$ pulumi import gcp:chronicle/findingsRefinement:FindingsRefinement default {{location}}/{{instance}}/{{name}}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Google Cloud (GCP) Classic pulumi/pulumi-gcp
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
google-betaTerraform Provider.
Viewing docs for Google Cloud v9.28.0
published on Monday, Jun 22, 2026 by Pulumi
published on Monday, Jun 22, 2026 by Pulumi