SearchResult

Search result parse from the NetworkEvent, passed back to the client from LeagacySearchAssetEvents.

JSON representation 
{
  "event_time": string,
  "domain": string,
  "chip": {
    object (Chip)
  },
  "http_details": [
    {
      object (HttpDetails)
    }
  ],
  "resolved_ip_addresses": [
    string
  ],
  "customer_prevalence": integer,
  "filter_properties": {
    object (FilterProperties)
  },
  "raw_logs_token": string,
  "sidebar_entries": [
    {
      object (SidebarEntry)
    }
  ],
  "asset_indicator": {
    object (AssetIndicator)
  }
}
Fields
event_time

string (Timestamp format)

Date/time of lookup (i.e. not the time that the event was ingested).

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted.Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".
domain

string

Domain name looked up (i.e. "foo.bad-actor.com" or "foocompany.com").
chip

object (Chip)

The chip to display.
http_details[]

object (HttpDetails)

Additional details about HTTP requests associated with this lookup.
resolved_ip_addresses[]

string

Either IPv4 or IPv6 results. Limited to a max of 5 results. We may want to annotate them with badges if the IPs are in a known IP space (CDN, AWS, Google Cloud, Rackspace, etc).
customer_prevalence

integer

The prevalence of the domain within the customer's environment, defined for v1 as the number of unique assets per day looking up the domain name over the trailing 10 days.
filter_properties

object (FilterProperties)

A list of filter properties associated the event.
raw_logs_token

string

A token to request raw logs, this is opaque to the client. If empty, no raw logs can be requested.
sidebar_entries[]

object (SidebarEntry)

All the sidebar entries.
asset_indicator

object (AssetIndicator)

AssetIndicator used for pivoting.