Search result parse from the NetworkEvent, passed back to the client from LeagacySearchAssetEvents.
JSON representation |
---|
{ "event_time": string, "domain": string, "chip": { object ( |
Fields | |
---|---|
event_time |
Date/time of lookup (i.e. not the time that the event was ingested). A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
domain |
Domain name looked up (i.e. "foo.bad-actor.com" or "foocompany.com"). |
chip |
The chip to display. |
http_details[] |
Additional details about HTTP requests associated with this lookup. |
resolved_ip_addresses[] |
Either IPv4 or IPv6 results. Limited to a max of 5 results. We may want to annotate them with badges if the IPs are in a known IP space (CDN, AWS, Google Cloud Platform, Rackspace, etc). |
customer_prevalence |
The prevalence of the domain within the customer's environment, defined for v1 as the number of unique assets per day looking up the domain name over the trailing 10 days. |
filter_properties |
A list of filter properties associated the event. |
raw_logs_token |
A token to request raw logs, this is opaque to the client. If empty, no raw logs can be requested. |
sidebar_entries[] |
All the sidebar entries. |
asset_indicator |
AssetIndicator used for pivoting. |