EntityMetadata

JSON representation

Information about the Entity and the product where the entity was created. Next Tag: 17

JSON representation

JSON representation
{ "productEntityId" : string , "collectedTimestamp" : string , "creationTimestamp" : string , "interval" : { object ( `Interval` ) } , "vendorName" : string , "productName" : string , "feed" : string , "productVersion" : string , "entityType" : enum ( `EntityType` ) , "description" : string , "threat" : [ { object ( `SecurityResult` ) } ] , "sourceType" : enum ( `SourceType` ) , "sourceLabels" : [ { object ( `Label` ) } ] , "eventMetadata" : { object ( `Metadata` ) } , "structuredFields" : { object } , "extracted" : { object } }

 { 
 "productEntityId" 
 : 
 string 
 , 
 "collectedTimestamp" 
 : 
 string 
 , 
 "creationTimestamp" 
 : 
 string 
 , 
 "interval" 
 : 
 { 
 object (  Interval 
 
) 
 } 
 , 
 "vendorName" 
 : 
 string 
 , 
 "productName" 
 : 
 string 
 , 
 "feed" 
 : 
 string 
 , 
 "productVersion" 
 : 
 string 
 , 
 "entityType" 
 : 
 enum (  EntityType 
 
) 
 , 
 "description" 
 : 
 string 
 , 
 "threat" 
 : 
 [ 
 { 
 object (  SecurityResult 
 
) 
 } 
 ] 
 , 
 "sourceType" 
 : 
 enum (  SourceType 
 
) 
 , 
 "sourceLabels" 
 : 
 [ 
 { 
 object (  Label 
 
) 
 } 
 ] 
 , 
 "eventMetadata" 
 : 
 { 
 object (  Metadata 
 
) 
 } 
 , 
 "structuredFields" 
 : 
 { 
 object 
 } 
 , 
 "extracted" 
 : 
 { 
 object 
 } 
 }

Fields
`productEntityId`	`string` A vendor-specific identifier that uniquely identifies the entity (e.g. a GUID, LDAP, OID, or similar).
`collectedTimestamp`	`string ( Timestamp format)` GMT timestamp when the entity information was collected by the vendor's local collection infrastructure. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`creationTimestamp`	`string ( Timestamp format)` GMT timestamp when the entity described by the productEntityId was created on the system where data was collected. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: `"2014-10-02T15:01:23Z"` , `"2014-10-02T15:01:23.045123456Z"` or `"2014-10-02T15:01:23+05:30"` .
`interval`	`object ( Interval )` Valid existence time range for the version of the entity represented by this entity data.
`vendorName`	`string` Vendor name of the product that produced the entity information.
`productName`	`string` Product name that produced the entity information.
`feed`	`string` Vendor feed name for a threat indicator feed.
`productVersion`	`string` Version of the product that produced the entity information.
`entityType`	`enum ( EntityType )` Entity type. If an entity has multiple possible types, this specifies the most specific type.
`description`	`string` Human-readable description of the entity.
`threat[]`	`object ( SecurityResult )` Metadata provided by a threat intelligence feed that identified the entity as malicious.
`sourceType`	`enum ( SourceType )` The source of the entity.
`sourceLabels[]`	`object ( Label )` Entity source metadata labels.
`eventMetadata`	`object ( Metadata )` Metadata field from the event.
`structuredFields (deprecated)`	`object ( Struct format)` This item is deprecated! Structured fields extracted from the log.
`extracted`	`object ( Struct format)` Flattened fields extracted from the log.