Skip to main content
Question

CaseSearchEverything (API) with modified time filter

  • November 6, 2025
  • 2 replies
  • 53 views
loops

I’m trying to retrieve cases that have been recently updated. The `CaseSearchEverything` (external/v1) endpoint can filter by date, but only the case creation date, using `startTime` and `endTime` filter values. It does not have the ability to filter cases by `startModifiedTime` and `endModifiedTime`.

The `GetCaseDetails` endpoint returns a value `modificationTimeUnixTimeInMs`, which means that the last modified time value exists somewhere, but is not available to `CaseSearchEverything` via filter parameters. The value also doesn’t appear in the output of `CaseSearchEverything`, preventing me from applying post-processing filters against bulk results.

Is there another way to filter cases by last modified time via external API?

If not, can we make a feature request for this?

2 replies

SoarAndy
Staff
Forum|alt.badge.img+12
  • SoarAndy
  • Staff
  • November 7, 2025

With the SOAR migration that will change the API, I suspect the existing API wont receive many updates.

Looking at the new API I see
https://docs.cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances.cases/list?rep_location=eu

Though orderby doesn’t list modified by either, I’m asking around..

Andy

TDRez
matthewnichols
SoarAndy
Staff
Forum|alt.badge.img+12
  • SoarAndy
  • Staff
  • November 10, 2025

@loops I’m told there was an oversight in the docs, and the following should work (specifically the new API, not the existing), a ticket was logged to corret the docs, thanks for finding this. 

&orderBy=updateTime%20desc
 

matthewnichols
Terms & ConditionsCookie settingsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.