AssetEdrEvent

JSON representation

An EDR event associated with an asset as delivered to the UI. To convey EDR events internally within the server, use AssetRawEdrEvent instead.

JSON representation

JSON representation
{ "event_time": string, "display_name": string, "chip": { object (`Chip`) }, "filter_properties": { object (`FilterProperties`) }, "sidebar_entries": [ { object (`SidebarEntry`) } ], "raw_logs_token": string, "asset_indicator": { object (`AssetIndicator`) }, "file_names": [ string ] }

{
  "event_time": string,
  "display_name": string,
  "chip": {
    object (Chip)
  },
  "filter_properties": {
    object (FilterProperties)
  },
  "sidebar_entries": [
    {
      object (SidebarEntry)
    }
  ],
  "raw_logs_token": string,
  "asset_indicator": {
    object (AssetIndicator)
  },
  "file_names": [
    string
  ]
}

Fields
`event_time`	`string (Timestamp format)` Date/time of the event. A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: `"2014-10-02T15:01:23Z"` and `"2014-10-02T15:01:23.045123456Z"`.
`display_name`	`string` The canonical string to display for the event.
`chip`	`object (Chip)` The chip to display.
`filter_properties`	`object (FilterProperties)` A list of filter properties associated the event.
`sidebar_entries[]`	`object (SidebarEntry)` All the sidebar entries.
`raw_logs_token`	`string` A token to request raw logs, this is opaque to the client. If empty, no raw logs can be requested.
`asset_indicator`	`object (AssetIndicator)` AssetIndicator used for pivoting.
`file_names[]`	`string` This field is only used for hash view timeline: it contains the file names associated with the queried file hash.