IP network event parse from the NetworkEvent, passed back to the client from the RPC ListAssetEvents. IpNetworkEvent is a lookup event that has no domain associated with it. Example cases: * A machine curling a website's IP directly.
JSON representation |
---|
{ "event_time": string, "chip": { object ( |
Fields | |
---|---|
event_time |
Date/time of lookup (i.e. not the time that the event was ingested). A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
chip |
The chip to display. |
ip_address |
The IP address looked up. Examples: "127.0.0.1" or "2001:cdba:0000:0000:0000:0000:3257:9652" |
http_details[] |
Additional details about HTTP requests associated with this lookup. |
customer_prevalence |
The prevalence of the domain within the customer's environment, defined for v1 as the number of unique assets per day looking up the domain name over the trailing 10 days. |
filter_properties |
A list of filter properties associated the event. |
raw_logs_token |
A token to request raw logs, this is opaque to the client. If empty, no raw logs can be requested. |
sidebar_entries[] |
All the sidebar entries. |
asset_indicator |
AssetIndicator used for pivoting. |