IP network event parse from the NetworkEvent, passed back to the client from the RPC ListAssetEvents. IpNetworkEvent is a lookup event that has no domain associated with it. Example cases: * A machine curling a website's IP directly.
Date/time of lookup (i.e. not the time that the event was ingested).
Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:"2014-10-02T15:01:23Z","2014-10-02T15:01:23.045123456Z"or"2014-10-02T15:01:23+05:30".
Additional details about HTTP requests associated with this lookup.
customerPrevalence
integer
The prevalence of the domain within the customer's environment, defined for v1 as the number of unique assets per day looking up the domain name over the trailing 10 days.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[[["\u003cp\u003eIpNetworkEvent represents a network lookup event without a specific domain, such as a direct IP address connection made by a machine.\u003c/p\u003e\n"],["\u003cp\u003eThe JSON representation includes fields like \u003ccode\u003eevent_time\u003c/code\u003e, \u003ccode\u003echip\u003c/code\u003e, \u003ccode\u003eip_address\u003c/code\u003e, \u003ccode\u003ehttp_details\u003c/code\u003e, \u003ccode\u003ecustomer_prevalence\u003c/code\u003e, \u003ccode\u003efilter_properties\u003c/code\u003e, \u003ccode\u003eraw_logs_token\u003c/code\u003e, \u003ccode\u003esidebar_entries\u003c/code\u003e, and \u003ccode\u003easset_indicator\u003c/code\u003e, providing comprehensive data about the event.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eevent_time\u003c/code\u003e specifies the lookup time in RFC 3339 format, \u003ccode\u003eip_address\u003c/code\u003e details the IP being queried, and \u003ccode\u003ehttp_details\u003c/code\u003e offers related HTTP request data.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003ecustomer_prevalence\u003c/code\u003e indicates the frequency of the lookup across a customer's assets, while \u003ccode\u003eraw_logs_token\u003c/code\u003e allows access to raw log data if available.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003efilter_properties\u003c/code\u003e, \u003ccode\u003esidebar_entries\u003c/code\u003e, and \u003ccode\u003easset_indicator\u003c/code\u003e offer event properties, additional event information, and a pivoting tool, respectively.\u003c/p\u003e\n"]]],[],null,["# IpNetworkEvent\n\n- [JSON representation](#SCHEMA_REPRESENTATION)\n\nIP network event parse from the NetworkEvent, passed back to the client from the RPC ListAssetEvents. IpNetworkEvent is a lookup event that has no domain associated with it. Example cases: \\* A machine curling a website's IP directly."]]
