AssetEdrEvent

An EDR event associated with an asset as delivered to the UI. To convey EDR events internally within the server, use AssetRawEdrEvent instead.

JSON representation 
{
  "eventTime": string,
  "displayName": string,
  "chip": {
    object (Chip)
  },
  "filterProperties": {
    object (FilterProperties)
  },
  "sidebarEntries": [
    {
      object (SidebarEntry)
    }
  ],
  "rawLogsToken": string,
  "assetIndicator": {
    object (AssetIndicator)
  },
  "fileNames": [
    string
  ]
}
Fields
eventTime

string (Timestamp format)

Date/time of the event.

Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
displayName

string

The canonical string to display for the event.
chip

object (Chip)

The chip to display.
filterProperties

object (FilterProperties)

A list of filter properties associated the event.
sidebarEntries[]

object (SidebarEntry)

All the sidebar entries.
rawLogsToken

string

A token to request raw logs, this is opaque to the client. If empty, no raw logs can be requested.
assetIndicator

object (AssetIndicator)

AssetIndicator used for pivoting.
fileNames[]

string

This field is only used for hash view timeline: it contains the file names associated with the queried file hash.