EnrichmentProvenance

JSON representation 
{
  "nounType": enum (NounType),
  "typeEnrichmentProvenances": [
    {
      object (TypeEnrichmentProvenance)
    }
  ]
}
Fields
nounType

enum (NounType)
typeEnrichmentProvenances[]

object (TypeEnrichmentProvenance)

NounType

Enums
NOUN_TYPE_UNSPECIFIED
PRINCIPAL
SRC
TARGET

TypeEnrichmentProvenance

JSON representation 
{
  "enrichmentType": enum (EnrichmentType),
  "enrichmentSources": [
    {
      object (EnrichmentSource)
    }
  ],
  "fieldEnrichmentProvenances": [
    {
      object (FieldEnrichmentProvenance)
    }
  ]
}
Fields
enrichmentType

enum (EnrichmentType)
enrichmentSources[]

object (EnrichmentSource)
fieldEnrichmentProvenances[]

object (FieldEnrichmentProvenance)

EnrichmentType

Enums
ENRICHMENT_TYPE_UNSPECIFIED
ASSET
USER
PROCESS
VT_FILE_HASH
GEOIP
PARENT_PROCESS_FROM_CURRENT_PROCESS

EnrichmentSource

JSON representation 
{

  // Union field source can be only one of the following:
  "logType": enum (LogType),
  "noLogEnrichmentSource": enum (NoLogEnrichmentSource)
  // End of list of possible types for union field source.
}
Fields

Union field source.

source can be only one of the following:
logType

enum (LogType)
noLogEnrichmentSource

enum (NoLogEnrichmentSource)

FieldEnrichmentProvenance

JSON representation 
{
  "enrichingEvents": [
    {
      object (EnrichingEvent)
    }
  ]
}
Fields
enrichingEvents[]

object (EnrichingEvent)

EnrichingEvent

JSON representation 
{
  "enrichingEventType": enum (EnrichingEventType),
  "eventId": string
}
Fields
enrichingEventType

enum (EnrichingEventType)
eventId

string (bytes format)

A base64-encoded string.

EnrichingEventType

Enums
ENRICHING_EVENT_TYPE_UNSPECIFIED
DHCP
EDR_MAPPING
ASSET_CONTEXT
USER_CONTEXT
FILE_CONTEXT
EDR_PROCESS_LAUNCH
EDR