Hello,
I am currently working on a Google SecOps SOAR API migration to the Chronicle API.
Using the official endpoint mapping table, I was able to identify several mappings.
I am unsure about this legacy SOAR endpoint:
/api/external/v1/search/CaseSearchEverything
I could not find a clear equivalent in the Chronicle endpoint mapping table, and it even seems that some parts of SecOps may still rely on this legacy route.
My question is:
What is the recommended Chronicle endpoint to replace CaseSearchEverything?
Or should we consider that this use case does not yet have a direct documented Chronicle equivalent?
Context:
- Stage 2 migration is in progress.
Thank you in advance for your help.