FieldAndValue

Indicator value with field path to identity an entity.

JSON representation 
{
  "value": string,
  "entityNamespace": string,

  // Union field type can be only one of the following:
  "fieldPath": string,
  "valueType": enum (ValueType)
  // End of list of possible types for union field type.
}
Fields
value

string

Required. Indicator value that is used to identify or find the entity.
entityNamespace

string

Optional. Entity namespace. Namespace is only applicable to asset entities.

Union field type.

type can be only one of the following:
fieldPath

string

A UDM field path which identifies the type of the indicator to be used to find the entity. This path is not used exclusively to "search" for the entity, but rather to identify the type of indicator, which can be inferred from the path.
valueType

enum (ValueType)

An explicit type of the indicator to be used to find the entity.

ValueType

Value type of the entity.

Enums
VALUE_TYPE_UNSPECIFIED Unspecified.
ASSET_IP_ADDRESS Asset ip address.
MAC Asset mac address.
HOSTNAME Asset hostname.
PRODUCT_SPECIFIC_ID Asset product id. Product specific ID for EDR/HIDS/AV products, etc.
DOMAIN_NAME Domain name.
RESOLVED_IP_ADDRESS Resolved ip address.
PROCESS_ID EDR process id.
FULL_COMMAND_LINE File full command line.
FILE_NAME File name.
FILE_PATH File path.
HASH_MD5 Hash md5.
HASH_SHA256 Hash sha256.
HASH_SHA1 Hash sha1.
RAW_PID Operating system process id.
PARENT_PROCESS_ID Process id for the parent that spawned a process.
EMAIL User email.
USERNAME User username.
WINDOWS_SID User windows sid.
EMPLOYEE_ID User employee id.
PRODUCT_OBJECT_ID User product object id. Product specific object ID for LDAP-like systems.
CLOUD_RESOURCE_NAME Cloud resource name.
RESOURCE_PRODUCT_OBJECT_ID Resource product object id.