
I'm using this endpoint: https://cloud.google.com/chronicle/docs/reference/rest/v1alpha/projects.locations.instances/summarizeEntity

but the issue is that I'm not able to figure out the URL params values.

I tried like this:

```json
{
  "timeRange": {
    "start_time": "2025-07-10T00:00:00Z",
    "end_time": "2025-07-12T00:00:00Z"
  },
  "pageSize": 10,
  "returnPrevalence": true,
  "entityId": "xxxxxxxxxxxxxxxxxx"
}
```

Also how to pass entity and entity type and how to get entityid?

Here's a working example using Python I have used before:

```python
url = f"https://us-chronicle.googleapis.com/v1alpha/{instance_id}:summarizeEntity"
headers = {
    "Authorization": f"Bearer {access_token}",
    "Content-Type": "application/json"
}
params = {
    "entityId": entity_id,
    "timeRange.startTime": start_time,
    "timeRange.endTime": end_time,
    "returnAlerts": "True"
}
```

I think the issue may be that timeRange isn't a nested Dictionary, rather you call it using the above syntax.

Best Regards,

Chris


For the summarize entity, try the params as follows:

```json
{
  "timeRange.end_time": "2025-07-12T00:00:00Z",
  "timeRange.start_time": "2025-07-10T00:00:00Z",
  "pageSize": 10,
  "entityId": "xxxxxxxxxxxxxxxxxx"
}
```

If setting return prevalence to true, you also need to provide a specific UDM field to use for calculating prevalence, otherwise you will get a 400 error.

To get the Entity ID, use the SearchEntities endpoint: for example, to get the details of entity jondoe:

```python
params = {"indicator": "jondoe"}
```

Response will look like this:

```json
{
  "entities": [
    {
      "name": "projects/*******/locations/**/instances/******/entities/xxxxxxxx",
      "metadata": {
        "entityType": "USER"
      },
      "entity": {
        "user": {
          "userid": "jondoe"
        }
      }
    }
  ]
}
```

The entity ID will be the xxxxxxxxx string after entities in the entity name. That is what you would use in the summarize entity endpoint.
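The two steps from the answers above (take the entity ID from the SearchEntities `name`, then send the time range as dotted query keys rather than a nested object), as an added example that is not code from any poster or from Google. The sample response is constructed, the function names are hypothetical, and the `startTime`/`endTime` spelling follows the first answer's snippet.

```python
from urllib.parse import urlencode

# Constructed sample shaped like the SearchEntities response above; every
# identifier in it is a placeholder.
SAMPLE_SEARCH_RESPONSE = {
    "entities": [{
        "name": "projects/PROJECT/locations/us/instances/INSTANCE/entities/ENTITY-ID-PLACEHOLDER",
        "metadata": {"entityType": "USER"},
        "entity": {"user": {"userid": "jondoe"}},
    }]
}


def entity_ids(search_response, entity_type=None):
    """Return the segment after '/entities/' for each (optionally type-filtered) entity."""
    ids = []
    for item in search_response.get("entities", []):
        if entity_type and item.get("metadata", {}).get("entityType") != entity_type:
            continue
        name = item.get("name", "")
        _, sep, entity_id = name.rpartition("/entities/")
        # Refuse names that do not end in a single '/entities/<id>' segment.
        if not sep or not entity_id or "/" in entity_id:
            raise ValueError(f"unexpected entity name: {name!r}")
        ids.append(entity_id)
    return ids


def flatten_params(obj, prefix=""):
    """Flatten nested dicts into dotted query keys, e.g. timeRange.startTime."""
    flat = {}
    for key, value in obj.items():
        dotted = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten_params(value, dotted))
        else:
            flat[dotted] = value
    return flat


def summarize_entity_query(entity_id, start_time, end_time, **extra):
    """Build the URL-encoded query string for a summarizeEntity request."""
    nested = {"entityId": entity_id,
              "timeRange": {"startTime": start_time, "endTime": end_time}, **extra}
    return urlencode(flatten_params(nested))
```

The flattened dict can also be passed directly as the `params` dictionary in the first answer's snippet.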


Hey @vanitharaj1208,

To add 2 cents, the latest version of Chronicle integration has an action called “Enrich Entities”. Prevalence information is available there.

