EntityMetadata

JSON representation

Information about the Entity and the product where the entity was created. Next Tag: 17

JSON representation

JSON representation
{ "productEntityId": string, "collectedTimestamp": string, "creationTimestamp": string, "interval": { object (`Interval`) }, "vendorName": string, "productName": string, "feed": string, "productVersion": string, "entityType": enum (`EntityType`), "description": string, "threat": [ { object (`SecurityResult`) } ], "sourceType": enum (`SourceType`), "sourceLabels": [ { object (`Label`) } ], "eventMetadata": { object (`Metadata`) }, "structuredFields": { object }, "extracted": { object } }

{
  "productEntityId": string,
  "collectedTimestamp": string,
  "creationTimestamp": string,
  "interval": {
    object (Interval)
  },
  "vendorName": string,
  "productName": string,
  "feed": string,
  "productVersion": string,
  "entityType": enum (EntityType),
  "description": string,
  "threat": [
    {
      object (SecurityResult)
    }
  ],
  "sourceType": enum (SourceType),
  "sourceLabels": [
    {
      object (Label)
    }
  ],
  "eventMetadata": {
    object (Metadata)
  },
  "structuredFields": {
    object
  },
  "extracted": {
    object
  }
}

Fields
`productEntityId`	`string` A vendor-specific identifier that uniquely identifies the entity (e.g. a GUID, LDAP, OID, or similar).
`collectedTimestamp`	`string (Timestamp format)` GMT timestamp when the entity information was collected by the vendor's local collection infrastructure. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`creationTimestamp`	`string (Timestamp format)` GMT timestamp when the entity described by the productEntityId was created on the system where data was collected. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"`, `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"`.
`interval`	`object (Interval)` Valid existence time range for the version of the entity represented by this entity data.
`vendorName`	`string` Vendor name of the product that produced the entity information.
`productName`	`string` Product name that produced the entity information.
`feed`	`string` Vendor feed name for a threat indicator feed.
`productVersion`	`string` Version of the product that produced the entity information.
`entityType`	`enum (EntityType)` Entity type. If an entity has multiple possible types, this specifies the most specific type.
`description`	`string` Human-readable description of the entity.
`threat[]`	`object (SecurityResult)` Metadata provided by a threat intelligence feed that identified the entity as malicious.
`sourceType`	`enum (SourceType)` The source of the entity.
`sourceLabels[]`	`object (Label)` Entity source metadata labels.
`eventMetadata`	`object (Metadata)` Metadata field from the event.
`structuredFields (deprecated)`	`object (Struct format)` This item is deprecated! Structured fields extracted from the log.
`extracted`	`object (Struct format)` Flattened fields extracted from the log.