| JSON representation |
|---|
{ "id": string, "product_log_id": string, "event_timestamp": string, "collected_timestamp": string, "ingested_timestamp": string, "event_type": enum ( |
| Fields | |
|---|---|
id |
A base64-encoded string. |
product_log_id |
|
event_timestamp |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
collected_timestamp |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
ingested_timestamp |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
event_type |
|
vendor_name |
|
product_name |
|
product_version |
|
product_event_type |
|
product_deployment_id |
|
description |
|
url_back_to_product |
|
ingestion_labels[] |
|
tags |
|
enrichment_state |
|
log_type |
|
base_labels |
|
enrichment_labels |
|
EventType
| Enums | |
|---|---|
EVENTTYPE_UNSPECIFIED |
|
PROCESS_UNCATEGORIZED |
|
PROCESS_LAUNCH |
|
PROCESS_INJECTION |
|
PROCESS_PRIVILEGE_ESCALATION |
|
PROCESS_TERMINATION |
|
PROCESS_OPEN |
|
PROCESS_MODULE_LOAD |
|
REGISTRY_UNCATEGORIZED |
|
REGISTRY_CREATION |
|
REGISTRY_MODIFICATION |
|
REGISTRY_DELETION |
|
SETTING_UNCATEGORIZED |
|
SETTING_CREATION |
|
SETTING_MODIFICATION |
|
SETTING_DELETION |
|
MUTEX_UNCATEGORIZED |
|
MUTEX_CREATION |
|
FILE_UNCATEGORIZED |
|
FILE_CREATION |
|
FILE_DELETION |
|
FILE_MODIFICATION |
|
FILE_READ |
|
FILE_COPY |
|
FILE_OPEN |
|
FILE_MOVE |
|
FILE_SYNC |
|
USER_UNCATEGORIZED |
|
USER_LOGIN |
|
USER_LOGOUT |
|
USER_CREATION |
|
USER_CHANGE_PASSWORD |
|
USER_CHANGE_PERMISSIONS |
|
USER_STATS |
|
USER_BADGE_IN |
|
USER_DELETION |
|
USER_RESOURCE_CREATION |
|
USER_RESOURCE_UPDATE_CONTENT |
|
USER_RESOURCE_UPDATE_PERMISSIONS |
|
USER_COMMUNICATION |
|
USER_RESOURCE_ACCESS |
|
USER_RESOURCE_DELETION |
|
GROUP_UNCATEGORIZED |
|
GROUP_CREATION |
|
GROUP_DELETION |
|
GROUP_MODIFICATION |
|
EMAIL_UNCATEGORIZED |
|
EMAIL_TRANSACTION |
|
EMAIL_URL_CLICK |
|
NETWORK_UNCATEGORIZED |
|
NETWORK_FLOW |
|
NETWORK_CONNECTION |
|
NETWORK_FTP |
|
NETWORK_DHCP |
|
NETWORK_DNS |
|
NETWORK_HTTP |
|
NETWORK_SMTP |
|
STATUS_UNCATEGORIZED |
|
STATUS_HEARTBEAT |
|
STATUS_STARTUP |
|
STATUS_SHUTDOWN |
|
STATUS_UPDATE |
|
SCAN_UNCATEGORIZED |
|
SCAN_FILE |
|
SCAN_PROCESS_BEHAVIORS |
|
SCAN_PROCESS |
|
SCAN_HOST |
|
SCAN_VULN_HOST |
|
SCAN_VULN_NETWORK |
|
SCAN_NETWORK |
|
SCHEDULED_TASK_UNCATEGORIZED |
|
SCHEDULED_TASK_CREATION |
|
SCHEDULED_TASK_DELETION |
|
SCHEDULED_TASK_ENABLE |
|
SCHEDULED_TASK_DISABLE |
|
SCHEDULED_TASK_MODIFICATION |
|
SYSTEM_AUDIT_LOG_UNCATEGORIZED |
|
SYSTEM_AUDIT_LOG_WIPE |
|
SERVICE_UNSPECIFIED |
|
SERVICE_CREATION |
|
SERVICE_DELETION |
|
SERVICE_START |
|
SERVICE_STOP |
|
SERVICE_MODIFICATION |
|
GENERIC_EVENT |
|
RESOURCE_CREATION |
|
RESOURCE_DELETION |
|
RESOURCE_PERMISSIONS_CHANGE |
|
RESOURCE_READ |
|
RESOURCE_WRITTEN |
|
DEVICE_FIRMWARE_UPDATE |
|
DEVICE_CONFIG_UPDATE |
|
DEVICE_PROGRAM_UPLOAD |
|
DEVICE_PROGRAM_DOWNLOAD |
|
ANALYST_UPDATE_VERDICT |
|
ANALYST_UPDATE_REPUTATION |
|
ANALYST_UPDATE_SEVERITY_SCORE |
|
ANALYST_UPDATE_STATUS |
|
ANALYST_ADD_COMMENT |
|
ANALYST_UPDATE_PRIORITY |
|
ANALYST_UPDATE_ROOT_CAUSE |
|
ANALYST_UPDATE_REASON |
|
ANALYST_UPDATE_RISK_SCORE |
|
Tags
| JSON representation |
|---|
{ "tenant_id": [ string ], "data_tap_config_name": [ string ] } |
| Fields | |
|---|---|
tenant_id[] |
A base64-encoded string. |
data_tap_config_name[] |
|
EnrichmentState
| Enums | |
|---|---|
ENRICHMENT_STATE_UNSPECIFIED |
|
ENRICHED |
|
UNENRICHED |
|
DataAccessLabels
| JSON representation |
|---|
{
"log_types": [
string
],
"ingestion_labels": [
string
],
"namespaces": [
string
],
"custom_labels": [
string
],
"ingestion_kv_labels": [
{
object ( |
| Fields | |
|---|---|
log_types[] |
|
ingestion_labels[] |
|
namespaces[] |
|
custom_labels[] |
|
ingestion_kv_labels[] |
|
allow_scoped_access |
|
DataAccessIngestionLabel
| JSON representation |
|---|
{ "key": string, "value": string } |
| Fields | |
|---|---|
key |
|
value |
|