Hi @richgalloway, thanks for your reply. I was asked to integrate Chronicle by using the pre-built app named Chronicle and perform the below tasks.

- test connectivity: Validate the asset configuration for connectivity using supplied configuration
- list ioc details: Return any threat intelligence associated with the specified artifact
- list iocs: List all of the IoCs discovered within the enterprise within the specified time
- list assets: List all of the assets that accessed the specified artifact within the specified time
- list events: List all of the events discovered within the enterprise on a particular device within the specified time
- domain reputation: Derive the reputation of the specified domain artifact (The reputation can be either of 'Malicious', 'Suspicious', and 'Unknown')
- ip reputation: Derive the reputation of the specified destination IP address artifact (The reputation can be either of 'Malicious', 'Suspicious', and 'Unknown')
- list alerts: List all of the security alerts tracked within the enterprise on particular assets and|or users for the specified time
- list rules: List the latest versions of the rules created in the Detection Engine within the enterprise
- list detections: List all the detections for the specific versions of the given Rule ID(s)
- on poll: Action handler for the on poll ingest functionality