
Difference between legacySearchAlerts and legacySearchRulesAlerts

  • November 17, 2024
  • 2 replies
  • 13 views


I want to archive alerts from Google SecOps SIEM, so I am still considering a couple of API endpoints to use in order to complete this. I identified legacySearchAlerts and legacySearchRulesAlerts. I noticed that both endpoints don't provide the same form of alerts.

My questions are:

  • What is the difference between the alerts that are provided by the two endpoints?
  • Is the difference just in how alerts are presented, or do the two endpoints provide completely different data?
  • What is the best choice when it comes to archiving alerts?

Thank you in advance !

2 replies

hzmndt
Staff
  • November 18, 2024

Tried -> Method: legacy.legacySearchAlerts, but it's showing 404; seems it's gone. Will check internally and get the document updated.

So left only -> Method: legacy.legacySearchRulesAlerts 


DanDye
Staff
  • November 19, 2024
@Zorghost I just created this Python sample file to help you with legacySearchRulesAlerts:

Once you have the Rule IDs for the alerts you want to close, you may find my blog post on bulk closing alerts helpful:
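As an added example for the archiving question in this thread (it is not the sample file or blog post referenced in the reply above, and not Google's own client code), the script below shows the part of an alert archiver that the endpoint choice does not change: flatten each alert returned by a legacy search call into a self-describing record, wrap it in an envelope that records which endpoint produced it and when, and append to a JSONL file with content-hash deduplication so overlapping time windows on re-runs do not duplicate alerts. The endpoint name, query parameter names and response field names (`ruleAlerts`, `ruleMetadata`, `alerts`) are assumed placeholders to be checked against the current API reference; the HTTP call is injected as a function so the logic runs offline against a constructed sample response.

```python
"""Archive alerts from a Google SecOps legacy alerts endpoint to JSONL.

Added example for this thread; not the linked sample file and not Google's code.
Assumptions (labelled below): endpoint name, query parameter names and response
shape are placeholders; `fetch` is injected so the code runs offline.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path
from typing import Callable, Iterable, Iterator, Optional

# Assumed endpoint name (placeholder); verify against the API documentation.
ENDPOINT = "legacy:legacySearchRulesAlerts"


def iter_alerts(response: dict) -> Iterator[dict]:
    """Yield one flat record per alert from a response body.

    Assumed response shape (constructed for this example; check the real schema):
    {"ruleAlerts": [{"ruleMetadata": {...}, "alerts": [...]}]}.
    Rule metadata is copied onto each alert so an archived record is self-describing.
    """
    for rule_block in response.get("ruleAlerts", []):
        rule_meta = rule_block.get("ruleMetadata", {})
        for alert in rule_block.get("alerts", []):
            record = dict(alert)
            record["ruleMetadata"] = rule_meta
            yield record


def record_id(record: dict) -> str:
    """Stable content hash used to skip duplicates across overlapping fetch windows."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode()).hexdigest()


def archive_alerts(records: Iterable[dict], path: Path, source: str) -> int:
    """Append new records as JSONL with provenance; return the number written.

    Ids already in the file are loaded first, so re-running over a time range
    that overlaps an earlier run does not store the same alert twice.
    """
    seen = set()
    if path.exists():
        with path.open() as fh:
            for line in fh:
                seen.add(json.loads(line)["archive_id"])
    written = 0
    with path.open("a") as fh:
        for rec in records:
            rid = record_id(rec)
            if rid in seen:
                continue
            seen.add(rid)
            envelope = {
                "archive_id": rid,
                "source_endpoint": source,  # which endpoint produced this alert
                "archived_at": datetime.now(timezone.utc).isoformat(),
                "alert": rec,
            }
            fh.write(json.dumps(envelope, sort_keys=True) + "\n")
            written += 1
    return written


def fetch_and_archive(fetch: Callable[[str, dict], dict], start: str, end: str, path: Path) -> int:
    """Run one fetch over [start, end) and archive the result.

    `fetch(endpoint, params)` is injected; in production it would perform the
    authenticated request. The parameter names are assumed placeholders.
    """
    params = {"timeRange.startTime": start, "timeRange.endTime": end}  # assumed names
    body = fetch(ENDPOINT, params)
    return archive_alerts(iter_alerts(body), path, ENDPOINT)


# Constructed sample response used to exercise the code offline.
SAMPLE_RESPONSE = {
    "ruleAlerts": [
        {
            "ruleMetadata": {"ruleId": "ru_example_0001", "ruleName": "example_rule"},
            "alerts": [
                {"id": "alert-a", "detectionTime": "2024-11-17T10:00:00Z"},
                {"id": "alert-b", "detectionTime": "2024-11-17T11:00:00Z"},
            ],
        }
    ]
}


def demo(path: Optional[Path] = None) -> tuple:
    """Archive the sample twice; the second pass writes nothing because of dedup."""
    if path is None:
        path = Path(tempfile.mkdtemp()) / "alerts_archive.jsonl"
    fake_fetch = lambda endpoint, params: SAMPLE_RESPONSE
    window = ("2024-11-17T00:00:00Z", "2024-11-18T00:00:00Z")
    first = fetch_and_archive(fake_fetch, *window, path)
    second = fetch_and_archive(fake_fetch, *window, path)
    return first, second


if __name__ == "__main__":
    print(demo())
```

The envelope's `source_endpoint` field answers the "which endpoint" question at read time: if both endpoints are ever archived, their records stay distinguishable, and a later consumer can compare the two record shapes directly from the archive rather than from memory.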