Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eThis content defines the JSON representation of an EDR (Endpoint Detection and Response) event associated with an asset as it is delivered to the user interface.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eevent_time\u003c/code\u003e field represents the date and time of the event using RFC 3339 format, and supports timestamps with varying fractional digit precision.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003edisplay_name\u003c/code\u003e field contains the string displayed to the user to represent the event.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eraw_logs_token\u003c/code\u003e field, if present, allows for raw log retrieval and is opaque to the client, while the absence of this field indicates that raw logs are not retrievable.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003efile_names\u003c/code\u003e field, used specifically in the context of the hash view timeline, contains a list of file names associated with the searched file hash.\u003c/p\u003e\n"]]],[],null,["# AssetEdrEvent\n\n- [JSON representation](#SCHEMA_REPRESENTATION)\n\nAn EDR event associated with an asset as delivered to the UI. To convey EDR events internally within the server, use AssetRawEdrEvent instead."]]
