FieldAndValue

JSON representation
ValueType

Indicator value with field path to identity an entity.

JSON representation

JSON representation
{ "value": string, "entity_namespace": string, // Union field `type` can be only one of the following: "field_path": string, "value_type": enum (`ValueType`) // End of list of possible types for union field `type`. }

{
  "value": string,
  "entity_namespace": string,

  // Union field type can be only one of the following:
  "field_path": string,
  "value_type": enum (ValueType)
  // End of list of possible types for union field type.
}

Fields
`value`	`string` Required. Indicator to find entity.
`entity_namespace`	`string` Optional. Entity namespace
Union field `type`. `type` can be only one of the following:
`field_path`	`string` Field path to look up the indicator query.
`value_type`	`enum (ValueType)` Value type.

ValueType

Value type of the entity.

Enums
`VALUE_TYPE_UNSPECIFIED`	Unspecified.
`ASSET_IP_ADDRESS`	Asset ip address.
`MAC`	Asset mac address.
`HOSTNAME`	Asset hostname.
`PRODUCT_SPECIFIC_ID`	Asset product id. Product specific ID for EDR/HIDS/AV products, etc.
`DOMAIN_NAME`	Domain name.
`RESOLVED_IP_ADDRESS`	Resolved ip address.
`PROCESS_ID`	EDR process id.
`FULL_COMMAND_LINE`	File full command line.
`FILE_NAME`	File name.
`FILE_PATH`	File path.
`HASH_MD5`	Hash md5.
`HASH_SHA256`	Hash sha256.
`HASH_SHA1`	Hash sha1.
`RAW_PID`	Operating system process id.
`PARENT_PROCESS_ID`	Process id for the parent that spawned a process.
`EMAIL`	User email.
`USERNAME`	User username.
`WINDOWS_SID`	User windows sid.
`EMPLOYEE_ID`	User employee id.
`PRODUCT_OBJECT_ID`	User product object id. Product specific object ID for LDAP-like systems.
`CLOUD_RESOURCE_NAME`	Cloud resource name.
`RESOURCE_PRODUCT_OBJECT_ID`	Resource product object id.