FieldAndValue

Indicator value with field path to identify an entity.

JSON representation
{
  "value": string,
  "entity_namespace": string,

  // Union field type can be only one of the following:
  "field_path": string,
  "value_type": enum (ValueType)
  // End of list of possible types for union field type.
}
Fields
value

string

Required. Indicator to find entity.

entity_namespace

string

Optional. Entity namespace.

Union field type.

type can be only one of the following:

field_path

string

Field path to look up the indicator query.

value_type

enum (ValueType)

Value type.

ValueType

Value type of the entity.

Enums
VALUE_TYPE_UNSPECIFIED Unspecified.
ASSET_IP_ADDRESS Asset IP address.
MAC Asset MAC address.
HOSTNAME Asset hostname.
PRODUCT_SPECIFIC_ID Asset product ID. Product-specific ID for EDR/HIDS/AV products, etc.
DOMAIN_NAME Domain name.
RESOLVED_IP_ADDRESS Resolved IP address.
PROCESS_ID EDR process ID.
FULL_COMMAND_LINE File full command line.
FILE_NAME File name.
FILE_PATH File path.
HASH_MD5 MD5 hash.
HASH_SHA256 SHA-256 hash.
HASH_SHA1 SHA-1 hash.
RAW_PID Operating system process ID.
PARENT_PROCESS_ID Process ID for the parent that spawned a process.
EMAIL User email.
USERNAME User username.
WINDOWS_SID User Windows SID.
EMPLOYEE_ID User employee ID.
PRODUCT_OBJECT_ID User product object ID. Product-specific object ID for LDAP-like systems.
CLOUD_RESOURCE_NAME Cloud resource name.
RESOURCE_PRODUCT_OBJECT_ID Resource product object ID.
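
A client-side pre-flight check for a FieldAndValue object, added here as an example (it is not code from this API or its vendor). It enforces the required value, the field_path/value_type union and enum membership as documented above; the hash-length and IP-format checks, the function name and the sample object are assumptions made for illustration.

```python
import ipaddress
import re

# Enum names copied from the ValueType list on this page.
VALUE_TYPES = tuple("""
VALUE_TYPE_UNSPECIFIED ASSET_IP_ADDRESS MAC HOSTNAME PRODUCT_SPECIFIC_ID
DOMAIN_NAME RESOLVED_IP_ADDRESS PROCESS_ID FULL_COMMAND_LINE FILE_NAME
FILE_PATH HASH_MD5 HASH_SHA256 HASH_SHA1 RAW_PID PARENT_PROCESS_ID EMAIL
USERNAME WINDOWS_SID EMPLOYEE_ID PRODUCT_OBJECT_ID CLOUD_RESOURCE_NAME
RESOURCE_PRODUCT_OBJECT_ID
""".split())

# Assumption: client-side shape checks, not rules stated by the API reference.
HEX_LEN = {"HASH_MD5": 32, "HASH_SHA1": 40, "HASH_SHA256": 64}
IP_TYPES = ("ASSET_IP_ADDRESS", "RESOLVED_IP_ADDRESS")


def validate_field_and_value(obj):
    """Return a list of problems; an empty list means the object passed."""
    errors = []
    value = obj.get("value")
    if not isinstance(value, str) or not value:
        return ["value is required and must be a non-empty string"]
    if not isinstance(obj.get("entity_namespace", ""), str):
        errors.append("entity_namespace must be a string")
    if "field_path" in obj and "value_type" in obj:
        errors.append("union field: set field_path or value_type, not both")
    if not isinstance(obj.get("field_path", ""), str):
        errors.append("field_path must be a string")
    vt = obj.get("value_type")
    if vt is None:
        return errors
    if vt not in VALUE_TYPES:
        errors.append(f"unknown value_type: {vt!r}")
    elif vt in HEX_LEN and not re.fullmatch(r"[0-9A-Fa-f]{%d}" % HEX_LEN[vt], value):
        errors.append(f"{vt} expects {HEX_LEN[vt]} hex characters")
    elif vt in IP_TYPES:
        try:
            ipaddress.ip_address(value)
        except ValueError:
            errors.append(f"{vt} value is not a valid IP address")
    return errors


# Constructed sample: a SHA-1 digest mislabelled as MD5.
SAMPLE = {"value": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "value_type": "HASH_MD5"}
if __name__ == "__main__":
    print(validate_field_and_value(SAMPLE))
```

Running the check before submitting indicators catches mislabelled hashes and conflicting union fields that would otherwise produce silent lookup misses.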