UdmProvenance

JSON representation
NounProvenance
- JSON representation
FieldProvenance
- JSON representation
UserProvenance
- JSON representation
LocationProvenance
- JSON representation
GoogleTypeLatLngProvenance
- JSON representation
AttributeProvenance
- JSON representation
LabelProvenance
- JSON representation
PermissionProvenance
- JSON representation
RoleProvenance
- JSON representation
TimeOffProvenance
ProcessProvenance
- JSON representation
FileProvenance
- JSON representation
FileMetadataProvenance
- JSON representation
PeFileMetadataProvenance
- JSON representation
SecurityResultProvenance
- JSON representation
Unsupported
AnalyticsMetadataProvenance
- JSON representation
AttackDetailsProvenance
- JSON representation
TacticProvenance
- JSON representation
TechniqueProvenance
- JSON representation
AssociationProvenance
- JSON representation
AssociationAliasProvenance
- JSON representation
VerdictProvenance
- JSON representation
ProviderMLVerdictProvenance
- JSON representation
SourceProvenance
- JSON representation
AnalystVerdictProvenance
- JSON representation
VerdictInfoProvenance
- JSON representation
IoCStatsProvenance
- JSON representation
ThreatCollectionItemProvenance
- JSON representation
FileMetadataPEProvenance
- JSON representation
FileMetadataSectionProvenance
- JSON representation
FileMetadataImportsProvenance
- JSON representation
FileMetadataPeResourceInfoProvenance
- JSON representation
StringToInt64MapEntryProvenance
- JSON representation
FileMetadataSignatureInfoProvenance
- JSON representation
SignerInfoProvenance
- JSON representation
X509Provenance
- JSON representation
PrevalenceProvenance
- JSON representation
ExifInfoProvenance
- JSON representation
SignatureInfoProvenance
- JSON representation
FileMetadataCodesignProvenance
- JSON representation
PDFInfoProvenance
- JSON representation
FaviconProvenance
- JSON representation
NtfsFileMetadataProvenance
- JSON representation
AssetProvenance
- JSON representation
HardwareProvenance
- JSON representation
PlatformSoftwareProvenance
- JSON representation
SoftwareProvenance
- JSON representation
VulnerabilityProvenance
- JSON representation
ArtifactProvenance
- JSON representation
NetworkProvenance
- JSON representation
FtpProvenance
- JSON representation
EmailProvenance
- JSON representation
DnsProvenance
- JSON representation
QuestionProvenance
- JSON representation
ResourceRecordProvenance
- JSON representation
DhcpProvenance
- JSON representation
OptionProvenance
- JSON representation
HttpProvenance
- JSON representation
UserAgentProtoProvenance
TlsProvenance
- JSON representation
ClientProvenance
- JSON representation
CertificateProvenance
- JSON representation
ServerProvenance
- JSON representation
SmtpProvenance
- JSON representation
ProxyInfoProvenance
- JSON representation
SSLCertificateProvenance
TunnelsProvenance
- JSON representation
ArtifactClientProvenance
- JSON representation

JSON representation
{ "principal": { object (`NounProvenance`) }, "src": { object (`NounProvenance`) }, "target": { object (`NounProvenance`) } }

Fields
`principal`	`object (NounProvenance)`
`src`	`object (NounProvenance)`
`target`	`object (NounProvenance)`

NounProvenance

JSON representation

JSON representation
{ "hostname": { object (`FieldProvenance`) }, "assetId": { object (`FieldProvenance`) }, "user": { object (`UserProvenance`) }, "process": { object (`ProcessProvenance`) }, "ip": [ { object (`FieldProvenance`) } ], "mac": [ { object (`FieldProvenance`) } ], "file": { object (`FileProvenance`) }, "location": { object (`LocationProvenance`) }, "asset": { object (`AssetProvenance`) }, "ipGeoArtifact": [ { object (`ArtifactProvenance`) } ] }

{
  "hostname": {
    object (FieldProvenance)
  },
  "assetId": {
    object (FieldProvenance)
  },
  "user": {
    object (UserProvenance)
  },
  "process": {
    object (ProcessProvenance)
  },
  "ip": [
    {
      object (FieldProvenance)
    }
  ],
  "mac": [
    {
      object (FieldProvenance)
    }
  ],
  "file": {
    object (FileProvenance)
  },
  "location": {
    object (LocationProvenance)
  },
  "asset": {
    object (AssetProvenance)
  },
  "ipGeoArtifact": [
    {
      object (ArtifactProvenance)
    }
  ]
}

Fields
`hostname`	`object (FieldProvenance)`
`assetId`	`object (FieldProvenance)`
`user`	`object (UserProvenance)`
`process`	`object (ProcessProvenance)`
`ip[]`	`object (FieldProvenance)`
`mac[]`	`object (FieldProvenance)`
`file`	`object (FileProvenance)`
`location`	`object (LocationProvenance)`
`asset`	`object (AssetProvenance)`
`ipGeoArtifact[]`	`object (ArtifactProvenance)`

FieldProvenance

JSON representation
{ "logSource": string, "logType": enum (`LogType`), "logTypes": [ enum (`LogType`) ], "eventId": string, "fromRawLog": boolean, "nonlogSource": enum (`NoLogEnrichmentSource`) }

Fields
`logSource`	`string`
`logType`	`enum (LogType)`
`logTypes[]`	`enum (LogType)`
`eventId`	`string (bytes format)` A base64-encoded string.
`fromRawLog`	`boolean`
`nonlogSource`	`enum (NoLogEnrichmentSource)`

UserProvenance

JSON representation

JSON representation
{ "productObjectId": { object (`FieldProvenance`) }, "userid": { object (`FieldProvenance`) }, "userDisplayName": { object (`FieldProvenance`) }, "firstName": { object (`FieldProvenance`) }, "middleName": { object (`FieldProvenance`) }, "lastName": { object (`FieldProvenance`) }, "phoneNumbers": [ { object (`FieldProvenance`) } ], "personalAddress": { object (`LocationProvenance`) }, "attribute": { object (`AttributeProvenance`) }, "firstSeenTime": { object (`FieldProvenance`) }, "accountType": { object (`FieldProvenance`) }, "groupid": { object (`FieldProvenance`) }, "groupIdentifiers": [ { object (`FieldProvenance`) } ], "windowsSid": { object (`FieldProvenance`) }, "emailAddresses": [ { object (`FieldProvenance`) } ], "employeeId": { object (`FieldProvenance`) }, "title": { object (`FieldProvenance`) }, "companyName": { object (`FieldProvenance`) }, "department": [ { object (`FieldProvenance`) } ], "officeAddress": { object (`LocationProvenance`) }, "managers": [ { object (`UserProvenance`) } ], "hireDate": { object (`FieldProvenance`) }, "terminationDate": { object (`FieldProvenance`) }, "timeOff": [ { object (`TimeOffProvenance`) } ], "lastLoginTime": { object (`FieldProvenance`) }, "lastPasswordChangeTime": { object (`FieldProvenance`) }, "passwordExpirationTime": { object (`FieldProvenance`) }, "accountExpirationTime": { object (`FieldProvenance`) }, "accountLockoutTime": { object (`FieldProvenance`) }, "lastBadPasswordAttemptTime": { object (`FieldProvenance`) }, "userAuthenticationStatus": { object (`FieldProvenance`) }, "roleName": { object (`FieldProvenance`) }, "roleDescription": { object (`FieldProvenance`) }, "userRole": { object (`FieldProvenance`) } }

{
  "productObjectId": {
    object (FieldProvenance)
  },
  "userid": {
    object (FieldProvenance)
  },
  "userDisplayName": {
    object (FieldProvenance)
  },
  "firstName": {
    object (FieldProvenance)
  },
  "middleName": {
    object (FieldProvenance)
  },
  "lastName": {
    object (FieldProvenance)
  },
  "phoneNumbers": [
    {
      object (FieldProvenance)
    }
  ],
  "personalAddress": {
    object (LocationProvenance)
  },
  "attribute": {
    object (AttributeProvenance)
  },
  "firstSeenTime": {
    object (FieldProvenance)
  },
  "accountType": {
    object (FieldProvenance)
  },
  "groupid": {
    object (FieldProvenance)
  },
  "groupIdentifiers": [
    {
      object (FieldProvenance)
    }
  ],
  "windowsSid": {
    object (FieldProvenance)
  },
  "emailAddresses": [
    {
      object (FieldProvenance)
    }
  ],
  "employeeId": {
    object (FieldProvenance)
  },
  "title": {
    object (FieldProvenance)
  },
  "companyName": {
    object (FieldProvenance)
  },
  "department": [
    {
      object (FieldProvenance)
    }
  ],
  "officeAddress": {
    object (LocationProvenance)
  },
  "managers": [
    {
      object (UserProvenance)
    }
  ],
  "hireDate": {
    object (FieldProvenance)
  },
  "terminationDate": {
    object (FieldProvenance)
  },
  "timeOff": [
    {
      object (TimeOffProvenance)
    }
  ],
  "lastLoginTime": {
    object (FieldProvenance)
  },
  "lastPasswordChangeTime": {
    object (FieldProvenance)
  },
  "passwordExpirationTime": {
    object (FieldProvenance)
  },
  "accountExpirationTime": {
    object (FieldProvenance)
  },
  "accountLockoutTime": {
    object (FieldProvenance)
  },
  "lastBadPasswordAttemptTime": {
    object (FieldProvenance)
  },
  "userAuthenticationStatus": {
    object (FieldProvenance)
  },
  "roleName": {
    object (FieldProvenance)
  },
  "roleDescription": {
    object (FieldProvenance)
  },
  "userRole": {
    object (FieldProvenance)
  }
}

Fields
`productObjectId`	`object (FieldProvenance)`
`userid`	`object (FieldProvenance)`
`userDisplayName`	`object (FieldProvenance)`
`firstName`	`object (FieldProvenance)`
`middleName`	`object (FieldProvenance)`
`lastName`	`object (FieldProvenance)`
`phoneNumbers[]`	`object (FieldProvenance)`
`personalAddress`	`object (LocationProvenance)`
`attribute`	`object (AttributeProvenance)`
`firstSeenTime`	`object (FieldProvenance)`
`accountType`	`object (FieldProvenance)`
`groupid`	`object (FieldProvenance)`
`groupIdentifiers[]`	`object (FieldProvenance)`
`windowsSid`	`object (FieldProvenance)`
`emailAddresses[]`	`object (FieldProvenance)`
`employeeId`	`object (FieldProvenance)`
`title`	`object (FieldProvenance)`
`companyName`	`object (FieldProvenance)`
`department[]`	`object (FieldProvenance)`
`officeAddress`	`object (LocationProvenance)`
`managers[]`	`object (UserProvenance)`
`hireDate`	`object (FieldProvenance)`
`terminationDate`	`object (FieldProvenance)`
`timeOff[]`	`object (TimeOffProvenance)`
`lastLoginTime`	`object (FieldProvenance)`
`lastPasswordChangeTime`	`object (FieldProvenance)`
`passwordExpirationTime`	`object (FieldProvenance)`
`accountExpirationTime`	`object (FieldProvenance)`
`accountLockoutTime`	`object (FieldProvenance)`
`lastBadPasswordAttemptTime`	`object (FieldProvenance)`
`userAuthenticationStatus`	`object (FieldProvenance)`
`roleName (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`roleDescription (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`userRole (deprecated)`	`object (FieldProvenance)` This item is deprecated!

LocationProvenance

JSON representation

JSON representation
{ "city": { object (`FieldProvenance`) }, "state": { object (`FieldProvenance`) }, "countryOrRegion": { object (`FieldProvenance`) }, "name": { object (`FieldProvenance`) }, "deskName": { object (`FieldProvenance`) }, "floorName": { object (`FieldProvenance`) }, "regionLatitude": { object (`FieldProvenance`) }, "regionLongitude": { object (`FieldProvenance`) }, "regionCoordinates": { object (`GoogleTypeLatLngProvenance`) } }

{
  "city": {
    object (FieldProvenance)
  },
  "state": {
    object (FieldProvenance)
  },
  "countryOrRegion": {
    object (FieldProvenance)
  },
  "name": {
    object (FieldProvenance)
  },
  "deskName": {
    object (FieldProvenance)
  },
  "floorName": {
    object (FieldProvenance)
  },
  "regionLatitude": {
    object (FieldProvenance)
  },
  "regionLongitude": {
    object (FieldProvenance)
  },
  "regionCoordinates": {
    object (GoogleTypeLatLngProvenance)
  }
}

Fields
`city`	`object (FieldProvenance)`
`state`	`object (FieldProvenance)`
`countryOrRegion`	`object (FieldProvenance)`
`name`	`object (FieldProvenance)`
`deskName`	`object (FieldProvenance)`
`floorName`	`object (FieldProvenance)`
`regionLatitude (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`regionLongitude (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`regionCoordinates`	`object (GoogleTypeLatLngProvenance)`

GoogleTypeLatLngProvenance

JSON representation
{ "latitude": { object (`FieldProvenance`) }, "longitude": { object (`FieldProvenance`) } }

Fields
`latitude`	`object (FieldProvenance)`
`longitude`	`object (FieldProvenance)`

AttributeProvenance

JSON representation

JSON representation
{ "labels": [ { object (`LabelProvenance`) } ], "permissions": [ { object (`PermissionProvenance`) } ], "roles": [ { object (`RoleProvenance`) } ], "creationTime": { object (`FieldProvenance`) }, "lastUpdateTime": { object (`FieldProvenance`) } }

{
  "labels": [
    {
      object (LabelProvenance)
    }
  ],
  "permissions": [
    {
      object (PermissionProvenance)
    }
  ],
  "roles": [
    {
      object (RoleProvenance)
    }
  ],
  "creationTime": {
    object (FieldProvenance)
  },
  "lastUpdateTime": {
    object (FieldProvenance)
  }
}

Fields
`labels[]`	`object (LabelProvenance)`
`permissions[]`	`object (PermissionProvenance)`
`roles[]`	`object (RoleProvenance)`
`creationTime`	`object (FieldProvenance)`
`lastUpdateTime`	`object (FieldProvenance)`

LabelProvenance

JSON representation
{ "key": { object (`FieldProvenance`) }, "value": { object (`FieldProvenance`) }, "source": { object (`FieldProvenance`) }, "rbacEnabled": { object (`FieldProvenance`) } }

Fields
`key`	`object (FieldProvenance)`
`value`	`object (FieldProvenance)`
`source`	`object (FieldProvenance)`
`rbacEnabled`	`object (FieldProvenance)`

PermissionProvenance

JSON representation
{ "name": { object (`FieldProvenance`) }, "description": { object (`FieldProvenance`) }, "type": { object (`FieldProvenance`) } }

Fields
`name`	`object (FieldProvenance)`
`description`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`

RoleProvenance

JSON representation
{ "name": { object (`FieldProvenance`) }, "description": { object (`FieldProvenance`) }, "type": { object (`FieldProvenance`) } }

Fields
`name`	`object (FieldProvenance)`
`description`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`

TimeOffProvenance

This type has no fields.

ProcessProvenance

JSON representation

JSON representation
{ "pid": { object (`FieldProvenance`) }, "parentPid": { object (`FieldProvenance`) }, "parentProcess": { object (`ProcessProvenance`) }, "file": { object (`FileProvenance`) }, "commandLine": { object (`FieldProvenance`) }, "commandLineHistory": [ { object (`FieldProvenance`) } ], "productSpecificProcessId": { object (`FieldProvenance`) }, "accessMask": { object (`FieldProvenance`) }, "integrityLevelRid": { object (`FieldProvenance`) }, "euid": { object (`FieldProvenance`) }, "ruid": { object (`FieldProvenance`) }, "egid": { object (`FieldProvenance`) }, "rgid": { object (`FieldProvenance`) }, "pgid": { object (`FieldProvenance`) }, "sessionLeaderPid": { object (`FieldProvenance`) }, "tty": { object (`FieldProvenance`) }, "tokenElevationType": { object (`FieldProvenance`) }, "productSpecificParentProcessId": { object (`FieldProvenance`) } }

{
  "pid": {
    object (FieldProvenance)
  },
  "parentPid": {
    object (FieldProvenance)
  },
  "parentProcess": {
    object (ProcessProvenance)
  },
  "file": {
    object (FileProvenance)
  },
  "commandLine": {
    object (FieldProvenance)
  },
  "commandLineHistory": [
    {
      object (FieldProvenance)
    }
  ],
  "productSpecificProcessId": {
    object (FieldProvenance)
  },
  "accessMask": {
    object (FieldProvenance)
  },
  "integrityLevelRid": {
    object (FieldProvenance)
  },
  "euid": {
    object (FieldProvenance)
  },
  "ruid": {
    object (FieldProvenance)
  },
  "egid": {
    object (FieldProvenance)
  },
  "rgid": {
    object (FieldProvenance)
  },
  "pgid": {
    object (FieldProvenance)
  },
  "sessionLeaderPid": {
    object (FieldProvenance)
  },
  "tty": {
    object (FieldProvenance)
  },
  "tokenElevationType": {
    object (FieldProvenance)
  },
  "productSpecificParentProcessId": {
    object (FieldProvenance)
  }
}

Fields
`pid`	`object (FieldProvenance)`
`parentPid (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`parentProcess`	`object (ProcessProvenance)`
`file`	`object (FileProvenance)`
`commandLine`	`object (FieldProvenance)`
`commandLineHistory[]`	`object (FieldProvenance)`
`productSpecificProcessId`	`object (FieldProvenance)`
`accessMask`	`object (FieldProvenance)`
`integrityLevelRid`	`object (FieldProvenance)`
`euid`	`object (FieldProvenance)`
`ruid`	`object (FieldProvenance)`
`egid`	`object (FieldProvenance)`
`rgid`	`object (FieldProvenance)`
`pgid`	`object (FieldProvenance)`
`sessionLeaderPid`	`object (FieldProvenance)`
`tty`	`object (FieldProvenance)`
`tokenElevationType`	`object (FieldProvenance)`
`productSpecificParentProcessId (deprecated)`	`object (FieldProvenance)` This item is deprecated!

FileProvenance

JSON representation

JSON representation
{ "sha256": { object (`FieldProvenance`) }, "md5": { object (`FieldProvenance`) }, "sha1": { object (`FieldProvenance`) }, "size": { object (`FieldProvenance`) }, "fullPath": { object (`FieldProvenance`) }, "mimeType": { object (`FieldProvenance`) }, "fileMetadata": { object (`FileMetadataProvenance`) }, "securityResult": { object (`SecurityResultProvenance`) }, "peFile": { object (`FileMetadataPEProvenance`) }, "ssdeep": { object (`FieldProvenance`) }, "vhash": { object (`FieldProvenance`) }, "ahash": { object (`FieldProvenance`) }, "authentihash": { object (`FieldProvenance`) }, "symhash": { object (`FieldProvenance`) }, "fileType": { object (`FieldProvenance`) }, "capabilitiesTags": [ { object (`FieldProvenance`) } ], "names": [ { object (`FieldProvenance`) } ], "tags": [ { object (`FieldProvenance`) } ], "lastModificationTime": { object (`FieldProvenance`) }, "createTime": { object (`FieldProvenance`) }, "lastAccessTime": { object (`FieldProvenance`) }, "prevalence": { object (`PrevalenceProvenance`) }, "firstSeenTime": { object (`FieldProvenance`) }, "lastSeenTime": { object (`FieldProvenance`) }, "statMode": { object (`FieldProvenance`) }, "statInode": { object (`FieldProvenance`) }, "statDev": { object (`FieldProvenance`) }, "statNlink": { object (`FieldProvenance`) }, "statFlags": { object (`FieldProvenance`) }, "lastAnalysisTime": { object (`FieldProvenance`) }, "embeddedUrls": [ { object (`FieldProvenance`) } ], "embeddedDomains": [ { object (`FieldProvenance`) } ], "embeddedIps": [ { object (`FieldProvenance`) } ], "exifInfo": { object (`ExifInfoProvenance`) }, "signatureInfo": { object (`SignatureInfoProvenance`) }, "pdfInfo": { object (`PDFInfoProvenance`) }, "firstSubmissionTime": { object (`FieldProvenance`) }, "lastSubmissionTime": { object (`FieldProvenance`) }, "mainIcon": { object (`FaviconProvenance`) }, "ntfs": { object (`NtfsFileMetadataProvenance`) } }

{
  "sha256": {
    object (FieldProvenance)
  },
  "md5": {
    object (FieldProvenance)
  },
  "sha1": {
    object (FieldProvenance)
  },
  "size": {
    object (FieldProvenance)
  },
  "fullPath": {
    object (FieldProvenance)
  },
  "mimeType": {
    object (FieldProvenance)
  },
  "fileMetadata": {
    object (FileMetadataProvenance)
  },
  "securityResult": {
    object (SecurityResultProvenance)
  },
  "peFile": {
    object (FileMetadataPEProvenance)
  },
  "ssdeep": {
    object (FieldProvenance)
  },
  "vhash": {
    object (FieldProvenance)
  },
  "ahash": {
    object (FieldProvenance)
  },
  "authentihash": {
    object (FieldProvenance)
  },
  "symhash": {
    object (FieldProvenance)
  },
  "fileType": {
    object (FieldProvenance)
  },
  "capabilitiesTags": [
    {
      object (FieldProvenance)
    }
  ],
  "names": [
    {
      object (FieldProvenance)
    }
  ],
  "tags": [
    {
      object (FieldProvenance)
    }
  ],
  "lastModificationTime": {
    object (FieldProvenance)
  },
  "createTime": {
    object (FieldProvenance)
  },
  "lastAccessTime": {
    object (FieldProvenance)
  },
  "prevalence": {
    object (PrevalenceProvenance)
  },
  "firstSeenTime": {
    object (FieldProvenance)
  },
  "lastSeenTime": {
    object (FieldProvenance)
  },
  "statMode": {
    object (FieldProvenance)
  },
  "statInode": {
    object (FieldProvenance)
  },
  "statDev": {
    object (FieldProvenance)
  },
  "statNlink": {
    object (FieldProvenance)
  },
  "statFlags": {
    object (FieldProvenance)
  },
  "lastAnalysisTime": {
    object (FieldProvenance)
  },
  "embeddedUrls": [
    {
      object (FieldProvenance)
    }
  ],
  "embeddedDomains": [
    {
      object (FieldProvenance)
    }
  ],
  "embeddedIps": [
    {
      object (FieldProvenance)
    }
  ],
  "exifInfo": {
    object (ExifInfoProvenance)
  },
  "signatureInfo": {
    object (SignatureInfoProvenance)
  },
  "pdfInfo": {
    object (PDFInfoProvenance)
  },
  "firstSubmissionTime": {
    object (FieldProvenance)
  },
  "lastSubmissionTime": {
    object (FieldProvenance)
  },
  "mainIcon": {
    object (FaviconProvenance)
  },
  "ntfs": {
    object (NtfsFileMetadataProvenance)
  }
}

Fields
`sha256`	`object (FieldProvenance)`
`md5`	`object (FieldProvenance)`
`sha1`	`object (FieldProvenance)`
`size`	`object (FieldProvenance)`
`fullPath`	`object (FieldProvenance)`
`mimeType`	`object (FieldProvenance)`
`fileMetadata (deprecated)`	`object (FileMetadataProvenance)` This item is deprecated!
`securityResult`	`object (SecurityResultProvenance)`
`peFile`	`object (FileMetadataPEProvenance)`
`ssdeep`	`object (FieldProvenance)`
`vhash`	`object (FieldProvenance)`
`ahash (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`authentihash`	`object (FieldProvenance)`
`symhash`	`object (FieldProvenance)`
`fileType`	`object (FieldProvenance)`
`capabilitiesTags[]`	`object (FieldProvenance)`
`names[]`	`object (FieldProvenance)`
`tags[]`	`object (FieldProvenance)`
`lastModificationTime`	`object (FieldProvenance)`
`createTime`	`object (FieldProvenance)`
`lastAccessTime`	`object (FieldProvenance)`
`prevalence`	`object (PrevalenceProvenance)`
`firstSeenTime`	`object (FieldProvenance)`
`lastSeenTime`	`object (FieldProvenance)`
`statMode`	`object (FieldProvenance)`
`statInode`	`object (FieldProvenance)`
`statDev`	`object (FieldProvenance)`
`statNlink`	`object (FieldProvenance)`
`statFlags`	`object (FieldProvenance)`
`lastAnalysisTime`	`object (FieldProvenance)`
`embeddedUrls[]`	`object (FieldProvenance)`
`embeddedDomains[]`	`object (FieldProvenance)`
`embeddedIps[]`	`object (FieldProvenance)`
`exifInfo`	`object (ExifInfoProvenance)`
`signatureInfo`	`object (SignatureInfoProvenance)`
`pdfInfo`	`object (PDFInfoProvenance)`
`firstSubmissionTime`	`object (FieldProvenance)`
`lastSubmissionTime`	`object (FieldProvenance)`
`mainIcon`	`object (FaviconProvenance)`
`ntfs`	`object (NtfsFileMetadataProvenance)`

FileMetadataProvenance

JSON representation
{ "pe": { object (`PeFileMetadataProvenance`) } }

Fields
`pe (deprecated)`	`object (PeFileMetadataProvenance)` This item is deprecated!

PeFileMetadataProvenance

JSON representation
{ "importHash": { object (`FieldProvenance`) } }

Fields
`importHash`	`object (FieldProvenance)`

SecurityResultProvenance

JSON representation

JSON representation
{ "about": { object (`NounProvenance`) }, "category": [ { object (`FieldProvenance`) } ], "categoryDetails": [ { object (`FieldProvenance`) } ], "threatName": { object (`FieldProvenance`) }, "ruleSet": { object (`FieldProvenance`) }, "ruleSetDisplayName": { object (`FieldProvenance`) }, "rulesetCategoryDisplayName": { object (`FieldProvenance`) }, "ruleId": { object (`FieldProvenance`) }, "ruleName": { object (`FieldProvenance`) }, "ruleVersion": { object (`FieldProvenance`) }, "ruleType": { object (`FieldProvenance`) }, "ruleAuthor": { object (`FieldProvenance`) }, "ruleLabels": [ { object (`LabelProvenance`) } ], "alertState": { object (`FieldProvenance`) }, "detectionFields": [ { object (`LabelProvenance`) } ], "outcomes": [ { object (`LabelProvenance`) } ], "unsupportedVariables": { object (`Unsupported`) }, "summary": { object (`FieldProvenance`) }, "description": { object (`FieldProvenance`) }, "action": [ { object (`FieldProvenance`) } ], "actionDetails": { object (`FieldProvenance`) }, "severity": { object (`FieldProvenance`) }, "confidence": { object (`FieldProvenance`) }, "priority": { object (`FieldProvenance`) }, "riskScore": { object (`FieldProvenance`) }, "confidenceScore": { object (`FieldProvenance`) }, "analyticsMetadata": [ { object (`AnalyticsMetadataProvenance`) } ], "severityDetails": { object (`FieldProvenance`) }, "confidenceDetails": { object (`FieldProvenance`) }, "priorityDetails": { object (`FieldProvenance`) }, "urlBackToProduct": { object (`FieldProvenance`) }, "threatId": { object (`FieldProvenance`) }, "threatFeedName": { object (`FieldProvenance`) }, "threatIdNamespace": { object (`FieldProvenance`) }, "threatStatus": { object (`FieldProvenance`) }, "attackDetails": { object (`AttackDetailsProvenance`) }, "firstDiscoveredTime": { object (`FieldProvenance`) }, "associations": [ { object (`AssociationProvenance`) } ], "campaigns": [ { object (`FieldProvenance`) } ], "reports": [ { object (`FieldProvenance`) } ], "verdict": { object (`VerdictProvenance`) }, "lastUpdatedTime": { object (`FieldProvenance`) }, "verdictInfo": [ { object (`VerdictInfoProvenance`) } ], "threatVerdict": { object (`FieldProvenance`) }, "lastDiscoveredTime": { object (`FieldProvenance`) }, "detectionDepth": { object (`FieldProvenance`) }, "threatCollections": [ { object (`ThreatCollectionItemProvenance`) } ] }

{
  "about": {
    object (NounProvenance)
  },
  "category": [
    {
      object (FieldProvenance)
    }
  ],
  "categoryDetails": [
    {
      object (FieldProvenance)
    }
  ],
  "threatName": {
    object (FieldProvenance)
  },
  "ruleSet": {
    object (FieldProvenance)
  },
  "ruleSetDisplayName": {
    object (FieldProvenance)
  },
  "rulesetCategoryDisplayName": {
    object (FieldProvenance)
  },
  "ruleId": {
    object (FieldProvenance)
  },
  "ruleName": {
    object (FieldProvenance)
  },
  "ruleVersion": {
    object (FieldProvenance)
  },
  "ruleType": {
    object (FieldProvenance)
  },
  "ruleAuthor": {
    object (FieldProvenance)
  },
  "ruleLabels": [
    {
      object (LabelProvenance)
    }
  ],
  "alertState": {
    object (FieldProvenance)
  },
  "detectionFields": [
    {
      object (LabelProvenance)
    }
  ],
  "outcomes": [
    {
      object (LabelProvenance)
    }
  ],
  "unsupportedVariables": {
    object (Unsupported)
  },
  "summary": {
    object (FieldProvenance)
  },
  "description": {
    object (FieldProvenance)
  },
  "action": [
    {
      object (FieldProvenance)
    }
  ],
  "actionDetails": {
    object (FieldProvenance)
  },
  "severity": {
    object (FieldProvenance)
  },
  "confidence": {
    object (FieldProvenance)
  },
  "priority": {
    object (FieldProvenance)
  },
  "riskScore": {
    object (FieldProvenance)
  },
  "confidenceScore": {
    object (FieldProvenance)
  },
  "analyticsMetadata": [
    {
      object (AnalyticsMetadataProvenance)
    }
  ],
  "severityDetails": {
    object (FieldProvenance)
  },
  "confidenceDetails": {
    object (FieldProvenance)
  },
  "priorityDetails": {
    object (FieldProvenance)
  },
  "urlBackToProduct": {
    object (FieldProvenance)
  },
  "threatId": {
    object (FieldProvenance)
  },
  "threatFeedName": {
    object (FieldProvenance)
  },
  "threatIdNamespace": {
    object (FieldProvenance)
  },
  "threatStatus": {
    object (FieldProvenance)
  },
  "attackDetails": {
    object (AttackDetailsProvenance)
  },
  "firstDiscoveredTime": {
    object (FieldProvenance)
  },
  "associations": [
    {
      object (AssociationProvenance)
    }
  ],
  "campaigns": [
    {
      object (FieldProvenance)
    }
  ],
  "reports": [
    {
      object (FieldProvenance)
    }
  ],
  "verdict": {
    object (VerdictProvenance)
  },
  "lastUpdatedTime": {
    object (FieldProvenance)
  },
  "verdictInfo": [
    {
      object (VerdictInfoProvenance)
    }
  ],
  "threatVerdict": {
    object (FieldProvenance)
  },
  "lastDiscoveredTime": {
    object (FieldProvenance)
  },
  "detectionDepth": {
    object (FieldProvenance)
  },
  "threatCollections": [
    {
      object (ThreatCollectionItemProvenance)
    }
  ]
}

Fields
`about`	`object (NounProvenance)`
`category[]`	`object (FieldProvenance)`
`categoryDetails[]`	`object (FieldProvenance)`
`threatName`	`object (FieldProvenance)`
`ruleSet`	`object (FieldProvenance)`
`ruleSetDisplayName`	`object (FieldProvenance)`
`rulesetCategoryDisplayName`	`object (FieldProvenance)`
`ruleId`	`object (FieldProvenance)`
`ruleName`	`object (FieldProvenance)`
`ruleVersion`	`object (FieldProvenance)`
`ruleType`	`object (FieldProvenance)`
`ruleAuthor`	`object (FieldProvenance)`
`ruleLabels[]`	`object (LabelProvenance)`
`alertState`	`object (FieldProvenance)`
`detectionFields[]`	`object (LabelProvenance)`
`outcomes[]`	`object (LabelProvenance)`
`unsupportedVariables`	`object (Unsupported)`
`summary`	`object (FieldProvenance)`
`description`	`object (FieldProvenance)`
`action[]`	`object (FieldProvenance)`
`actionDetails`	`object (FieldProvenance)`
`severity`	`object (FieldProvenance)`
`confidence`	`object (FieldProvenance)`
`priority`	`object (FieldProvenance)`
`riskScore`	`object (FieldProvenance)`
`confidenceScore`	`object (FieldProvenance)`
`analyticsMetadata[]`	`object (AnalyticsMetadataProvenance)`
`severityDetails`	`object (FieldProvenance)`
`confidenceDetails`	`object (FieldProvenance)`
`priorityDetails`	`object (FieldProvenance)`
`urlBackToProduct`	`object (FieldProvenance)`
`threatId`	`object (FieldProvenance)`
`threatFeedName`	`object (FieldProvenance)`
`threatIdNamespace`	`object (FieldProvenance)`
`threatStatus`	`object (FieldProvenance)`
`attackDetails`	`object (AttackDetailsProvenance)`
`firstDiscoveredTime`	`object (FieldProvenance)`
`associations[]`	`object (AssociationProvenance)`
`campaigns[] (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`reports[] (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`verdict (deprecated)`	`object (VerdictProvenance)` This item is deprecated!
`lastUpdatedTime`	`object (FieldProvenance)`
`verdictInfo[]`	`object (VerdictInfoProvenance)`
`threatVerdict`	`object (FieldProvenance)`
`lastDiscoveredTime`	`object (FieldProvenance)`
`detectionDepth`	`object (FieldProvenance)`
`threatCollections[]`	`object (ThreatCollectionItemProvenance)`

Unsupported

This type has no fields.

AnalyticsMetadataProvenance

JSON representation
{ "analytic": { object (`FieldProvenance`) } }

Fields
`analytic`	`object (FieldProvenance)`

AttackDetailsProvenance

JSON representation
{ "version": { object (`FieldProvenance`) }, "tactics": [ { object (`TacticProvenance`) } ], "techniques": [ { object (`TechniqueProvenance`) } ] }

Fields
`version`	`object (FieldProvenance)`
`tactics[]`	`object (TacticProvenance)`
`techniques[]`	`object (TechniqueProvenance)`

TacticProvenance

JSON representation
{ "id": { object (`FieldProvenance`) }, "name": { object (`FieldProvenance`) } }

Fields
`id`	`object (FieldProvenance)`
`name`	`object (FieldProvenance)`

TechniqueProvenance

JSON representation
{ "id": { object (`FieldProvenance`) }, "name": { object (`FieldProvenance`) }, "subtechniqueId": { object (`FieldProvenance`) }, "subtechniqueName": { object (`FieldProvenance`) } }

Fields
`id`	`object (FieldProvenance)`
`name`	`object (FieldProvenance)`
`subtechniqueId`	`object (FieldProvenance)`
`subtechniqueName`	`object (FieldProvenance)`

AssociationProvenance

JSON representation

JSON representation
{ "id": { object (`FieldProvenance`) }, "countryCode": [ { object (`FieldProvenance`) } ], "type": { object (`FieldProvenance`) }, "name": { object (`FieldProvenance`) }, "description": { object (`FieldProvenance`) }, "role": { object (`FieldProvenance`) }, "sourceCountry": { object (`FieldProvenance`) }, "alias": [ { object (`AssociationAliasProvenance`) } ], "firstReferenceTime": { object (`FieldProvenance`) }, "lastReferenceTime": { object (`FieldProvenance`) }, "industriesAffected": [ { object (`FieldProvenance`) } ], "associatedActors": [ { object (`AssociationProvenance`) } ], "regionCode": { object (`LocationProvenance`) }, "sponsorRegion": { object (`LocationProvenance`) }, "targetedRegions": [ { object (`LocationProvenance`) } ], "tags": [ { object (`FieldProvenance`) } ] }

{
  "id": {
    object (FieldProvenance)
  },
  "countryCode": [
    {
      object (FieldProvenance)
    }
  ],
  "type": {
    object (FieldProvenance)
  },
  "name": {
    object (FieldProvenance)
  },
  "description": {
    object (FieldProvenance)
  },
  "role": {
    object (FieldProvenance)
  },
  "sourceCountry": {
    object (FieldProvenance)
  },
  "alias": [
    {
      object (AssociationAliasProvenance)
    }
  ],
  "firstReferenceTime": {
    object (FieldProvenance)
  },
  "lastReferenceTime": {
    object (FieldProvenance)
  },
  "industriesAffected": [
    {
      object (FieldProvenance)
    }
  ],
  "associatedActors": [
    {
      object (AssociationProvenance)
    }
  ],
  "regionCode": {
    object (LocationProvenance)
  },
  "sponsorRegion": {
    object (LocationProvenance)
  },
  "targetedRegions": [
    {
      object (LocationProvenance)
    }
  ],
  "tags": [
    {
      object (FieldProvenance)
    }
  ]
}

Fields
`id`	`object (FieldProvenance)`
`countryCode[]`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`
`name`	`object (FieldProvenance)`
`description`	`object (FieldProvenance)`
`role`	`object (FieldProvenance)`
`sourceCountry (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`alias[]`	`object (AssociationAliasProvenance)`
`firstReferenceTime`	`object (FieldProvenance)`
`lastReferenceTime`	`object (FieldProvenance)`
`industriesAffected[]`	`object (FieldProvenance)`
`associatedActors[]`	`object (AssociationProvenance)`
`regionCode`	`object (LocationProvenance)`
`sponsorRegion`	`object (LocationProvenance)`
`targetedRegions[]`	`object (LocationProvenance)`
`tags[]`	`object (FieldProvenance)`

AssociationAliasProvenance

JSON representation
{ "name": { object (`FieldProvenance`) }, "company": { object (`FieldProvenance`) } }

Fields
`name`	`object (FieldProvenance)`
`company`	`object (FieldProvenance)`

VerdictProvenance

JSON representation

JSON representation
{ "sourceCount": { object (`FieldProvenance`) }, "responseCount": { object (`FieldProvenance`) }, "neighbourInfluence": { object (`FieldProvenance`) }, "verdict": { object (`ProviderMLVerdictProvenance`) }, "analystVerdict": { object (`AnalystVerdictProvenance`) } }

{
  "sourceCount": {
    object (FieldProvenance)
  },
  "responseCount": {
    object (FieldProvenance)
  },
  "neighbourInfluence": {
    object (FieldProvenance)
  },
  "verdict": {
    object (ProviderMLVerdictProvenance)
  },
  "analystVerdict": {
    object (AnalystVerdictProvenance)
  }
}

Fields
`sourceCount`	`object (FieldProvenance)`
`responseCount`	`object (FieldProvenance)`
`neighbourInfluence`	`object (FieldProvenance)`
`verdict`	`object (ProviderMLVerdictProvenance)`
`analystVerdict`	`object (AnalystVerdictProvenance)`

ProviderMLVerdictProvenance

JSON representation

JSON representation
{ "sourceProvider": { object (`FieldProvenance`) }, "benignCount": { object (`FieldProvenance`) }, "maliciousCount": { object (`FieldProvenance`) }, "confidenceScore": { object (`FieldProvenance`) }, "mandiantSources": [ { object (`SourceProvenance`) } ], "thirdPartySources": [ { object (`SourceProvenance`) } ] }

{
  "sourceProvider": {
    object (FieldProvenance)
  },
  "benignCount": {
    object (FieldProvenance)
  },
  "maliciousCount": {
    object (FieldProvenance)
  },
  "confidenceScore": {
    object (FieldProvenance)
  },
  "mandiantSources": [
    {
      object (SourceProvenance)
    }
  ],
  "thirdPartySources": [
    {
      object (SourceProvenance)
    }
  ]
}

Fields
`sourceProvider`	`object (FieldProvenance)`
`benignCount`	`object (FieldProvenance)`
`maliciousCount`	`object (FieldProvenance)`
`confidenceScore`	`object (FieldProvenance)`
`mandiantSources[]`	`object (SourceProvenance)`
`thirdPartySources[]`	`object (SourceProvenance)`

SourceProvenance

JSON representation

JSON representation
{ "name": { object (`FieldProvenance`) }, "benignCount": { object (`FieldProvenance`) }, "maliciousCount": { object (`FieldProvenance`) }, "quality": { object (`FieldProvenance`) }, "responseCount": { object (`FieldProvenance`) }, "sourceCount": { object (`FieldProvenance`) }, "threatIntelligenceSources": [ { object (`SourceProvenance`) } ] }

{
  "name": {
    object (FieldProvenance)
  },
  "benignCount": {
    object (FieldProvenance)
  },
  "maliciousCount": {
    object (FieldProvenance)
  },
  "quality": {
    object (FieldProvenance)
  },
  "responseCount": {
    object (FieldProvenance)
  },
  "sourceCount": {
    object (FieldProvenance)
  },
  "threatIntelligenceSources": [
    {
      object (SourceProvenance)
    }
  ]
}

Fields
`name`	`object (FieldProvenance)`
`benignCount`	`object (FieldProvenance)`
`maliciousCount`	`object (FieldProvenance)`
`quality`	`object (FieldProvenance)`
`responseCount`	`object (FieldProvenance)`
`sourceCount`	`object (FieldProvenance)`
`threatIntelligenceSources[]`	`object (SourceProvenance)`

AnalystVerdictProvenance

JSON representation
{ "confidenceScore": { object (`FieldProvenance`) }, "verdictTime": { object (`FieldProvenance`) }, "verdictResponse": { object (`FieldProvenance`) } }

Fields
`confidenceScore`	`object (FieldProvenance)`
`verdictTime`	`object (FieldProvenance)`
`verdictResponse`	`object (FieldProvenance)`

VerdictInfoProvenance

JSON representation

{
  "sourceCount": {
    object (FieldProvenance)
  },
  "responseCount": {
    object (FieldProvenance)
  },
  "neighbourInfluence": {
    object (FieldProvenance)
  },
  "verdictType": {
    object (FieldProvenance)
  },
  "sourceProvider": {
    object (FieldProvenance)
  },
  "benignCount": {
    object (FieldProvenance)
  },
  "maliciousCount": {
    object (FieldProvenance)
  },
  "confidenceScore": {
    object (FieldProvenance)
  },
  "iocStats": [
    {
      object (IoCStatsProvenance)
    }
  ],
  "verdictTime": {
    object (FieldProvenance)
  },
  "verdictResponse": {
    object (FieldProvenance)
  },
  "globalCustomerCount": {
    object (FieldProvenance)
  },
  "globalHitsCount": {
    object (FieldProvenance)
  },
  "pwn": {
    object (FieldProvenance)
  },
  "categoryDetails": {
    object (FieldProvenance)
  },
  "pwnFirstTaggedTime": {
    object (FieldProvenance)
  }
}

Fields
`sourceCount`	`object (FieldProvenance)`
`responseCount`	`object (FieldProvenance)`
`neighbourInfluence`	`object (FieldProvenance)`
`verdictType`	`object (FieldProvenance)`
`sourceProvider`	`object (FieldProvenance)`
`benignCount`	`object (FieldProvenance)`
`maliciousCount`	`object (FieldProvenance)`
`confidenceScore`	`object (FieldProvenance)`
`iocStats[]`	`object (IoCStatsProvenance)`
`verdictTime`	`object (FieldProvenance)`
`verdictResponse`	`object (FieldProvenance)`
`globalCustomerCount`	`object (FieldProvenance)`
`globalHitsCount`	`object (FieldProvenance)`
`pwn`	`object (FieldProvenance)`
`categoryDetails`	`object (FieldProvenance)`
`pwnFirstTaggedTime`	`object (FieldProvenance)`

IoCStatsProvenance

JSON representation

{
  "iocStatsType": {
    object (FieldProvenance)
  },
  "firstLevelSource": {
    object (FieldProvenance)
  },
  "secondLevelSource": {
    object (FieldProvenance)
  },
  "benignCount": {
    object (FieldProvenance)
  },
  "quality": {
    object (FieldProvenance)
  },
  "maliciousCount": {
    object (FieldProvenance)
  },
  "responseCount": {
    object (FieldProvenance)
  },
  "sourceCount": {
    object (FieldProvenance)
  }
}

Fields
`iocStatsType`	`object (FieldProvenance)`
`firstLevelSource`	`object (FieldProvenance)`
`secondLevelSource`	`object (FieldProvenance)`
`benignCount`	`object (FieldProvenance)`
`quality`	`object (FieldProvenance)`
`maliciousCount`	`object (FieldProvenance)`
`responseCount`	`object (FieldProvenance)`
`sourceCount`	`object (FieldProvenance)`

ThreatCollectionItemProvenance

JSON representation
{ "id": { object (`FieldProvenance`) }, "type": { object (`FieldProvenance`) }, "altNames": [ { object (`FieldProvenance`) } ] }

Fields
`id`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`
`altNames[]`	`object (FieldProvenance)`

FileMetadataPEProvenance

JSON representation

{
  "imphash": {
    object (FieldProvenance)
  },
  "entryPoint": {
    object (FieldProvenance)
  },
  "entryPointExiftool": {
    object (FieldProvenance)
  },
  "compilationTime": {
    object (FieldProvenance)
  },
  "compilationExiftoolTime": {
    object (FieldProvenance)
  },
  "section": [
    {
      object (FileMetadataSectionProvenance)
    }
  ],
  "imports": [
    {
      object (FileMetadataImportsProvenance)
    }
  ],
  "resource": [
    {
      object (FileMetadataPeResourceInfoProvenance)
    }
  ],
  "resourcesTypeCount": [
    {
      object (StringToInt64MapEntryProvenance)
    }
  ],
  "resourcesLanguageCount": [
    {
      object (StringToInt64MapEntryProvenance)
    }
  ],
  "resourcesTypeCountStr": [
    {
      object (LabelProvenance)
    }
  ],
  "resourcesLanguageCountStr": [
    {
      object (LabelProvenance)
    }
  ],
  "signatureInfo": {
    object (FileMetadataSignatureInfoProvenance)
  }
}

Fields
`imphash`	`object (FieldProvenance)`
`entryPoint`	`object (FieldProvenance)`
`entryPointExiftool`	`object (FieldProvenance)`
`compilationTime`	`object (FieldProvenance)`
`compilationExiftoolTime`	`object (FieldProvenance)`
`section[]`	`object (FileMetadataSectionProvenance)`
`imports[]`	`object (FileMetadataImportsProvenance)`
`resource[]`	`object (FileMetadataPeResourceInfoProvenance)`
`resourcesTypeCount[] (deprecated)`	`object (StringToInt64MapEntryProvenance)` This item is deprecated!
`resourcesLanguageCount[] (deprecated)`	`object (StringToInt64MapEntryProvenance)` This item is deprecated!
`resourcesTypeCountStr[]`	`object (LabelProvenance)`
`resourcesLanguageCountStr[]`	`object (LabelProvenance)`
`signatureInfo (deprecated)`	`object (FileMetadataSignatureInfoProvenance)` This item is deprecated!

FileMetadataSectionProvenance

JSON representation

{
  "name": {
    object (FieldProvenance)
  },
  "entropy": {
    object (FieldProvenance)
  },
  "rawSizeBytes": {
    object (FieldProvenance)
  },
  "virtualSizeBytes": {
    object (FieldProvenance)
  },
  "md5Hex": {
    object (FieldProvenance)
  }
}

Fields
`name`	`object (FieldProvenance)`
`entropy`	`object (FieldProvenance)`
`rawSizeBytes`	`object (FieldProvenance)`
`virtualSizeBytes`	`object (FieldProvenance)`
`md5Hex`	`object (FieldProvenance)`

FileMetadataImportsProvenance

JSON representation
{ "library": { object (`FieldProvenance`) }, "functions": [ { object (`FieldProvenance`) } ] }

Fields
`library`	`object (FieldProvenance)`
`functions[]`	`object (FieldProvenance)`

FileMetadataPeResourceInfoProvenance

JSON representation

{
  "sha256Hex": {
    object (FieldProvenance)
  },
  "filetypeMagic": {
    object (FieldProvenance)
  },
  "languageCode": {
    object (FieldProvenance)
  },
  "entropy": {
    object (FieldProvenance)
  },
  "fileType": {
    object (FieldProvenance)
  }
}

Fields
`sha256Hex`	`object (FieldProvenance)`
`filetypeMagic`	`object (FieldProvenance)`
`languageCode`	`object (FieldProvenance)`
`entropy`	`object (FieldProvenance)`
`fileType`	`object (FieldProvenance)`

StringToInt64MapEntryProvenance

JSON representation
{ "key": { object (`FieldProvenance`) }, "value": { object (`FieldProvenance`) } }

Fields
`key`	`object (FieldProvenance)`
`value`	`object (FieldProvenance)`

FileMetadataSignatureInfoProvenance

JSON representation

{
  "verificationMessage": {
    object (FieldProvenance)
  },
  "verified": {
    object (FieldProvenance)
  },
  "signer": [
    {
      object (FieldProvenance)
    }
  ],
  "signers": [
    {
      object (SignerInfoProvenance)
    }
  ],
  "x509": [
    {
      object (X509Provenance)
    }
  ]
}

Fields
`verificationMessage`	`object (FieldProvenance)`
`verified`	`object (FieldProvenance)`
`signer[] (deprecated)`	`object (FieldProvenance)` This item is deprecated!
`signers[]`	`object (SignerInfoProvenance)`
`x509[]`	`object (X509Provenance)`

SignerInfoProvenance

JSON representation
{ "name": { object (`FieldProvenance`) }, "status": { object (`FieldProvenance`) }, "validUsage": { object (`FieldProvenance`) }, "certIssuer": { object (`FieldProvenance`) } }

Fields
`name`	`object (FieldProvenance)`
`status`	`object (FieldProvenance)`
`validUsage`	`object (FieldProvenance)`
`certIssuer`	`object (FieldProvenance)`

X509Provenance

JSON representation

{
  "name": {
    object (FieldProvenance)
  },
  "algorithm": {
    object (FieldProvenance)
  },
  "thumbprint": {
    object (FieldProvenance)
  },
  "certIssuer": {
    object (FieldProvenance)
  },
  "serialNumber": {
    object (FieldProvenance)
  }
}

Fields
`name`	`object (FieldProvenance)`
`algorithm`	`object (FieldProvenance)`
`thumbprint`	`object (FieldProvenance)`
`certIssuer`	`object (FieldProvenance)`
`serialNumber`	`object (FieldProvenance)`

PrevalenceProvenance

JSON representation

{
  "rollingMax": {
    object (FieldProvenance)
  },
  "dayCount": {
    object (FieldProvenance)
  },
  "rollingMaxSubDomains": {
    object (FieldProvenance)
  },
  "dayMax": {
    object (FieldProvenance)
  },
  "dayMaxSubDomains": {
    object (FieldProvenance)
  }
}

Fields
`rollingMax`	`object (FieldProvenance)`
`dayCount`	`object (FieldProvenance)`
`rollingMaxSubDomains`	`object (FieldProvenance)`
`dayMax`	`object (FieldProvenance)`
`dayMaxSubDomains`	`object (FieldProvenance)`

ExifInfoProvenance

JSON representation

{
  "originalFile": {
    object (FieldProvenance)
  },
  "product": {
    object (FieldProvenance)
  },
  "company": {
    object (FieldProvenance)
  },
  "fileDescription": {
    object (FieldProvenance)
  },
  "entryPoint": {
    object (FieldProvenance)
  },
  "compilationTime": {
    object (FieldProvenance)
  }
}

Fields
`originalFile`	`object (FieldProvenance)`
`product`	`object (FieldProvenance)`
`company`	`object (FieldProvenance)`
`fileDescription`	`object (FieldProvenance)`
`entryPoint`	`object (FieldProvenance)`
`compilationTime`	`object (FieldProvenance)`

SignatureInfoProvenance

JSON representation
{ "sigcheck": { object (`FileMetadataSignatureInfoProvenance`) }, "codesign": { object (`FileMetadataCodesignProvenance`) } }

Fields
`sigcheck`	`object (FileMetadataSignatureInfoProvenance)`
`codesign`	`object (FileMetadataCodesignProvenance)`

FileMetadataCodesignProvenance

JSON representation
{ "id": { object (`FieldProvenance`) }, "format": { object (`FieldProvenance`) }, "compilationTime": { object (`FieldProvenance`) }, "teamId": { object (`FieldProvenance`) } }

Fields
`id`	`object (FieldProvenance)`
`format`	`object (FieldProvenance)`
`compilationTime`	`object (FieldProvenance)`
`teamId`	`object (FieldProvenance)`

PDFInfoProvenance

JSON representation

{
  "js": {
    object (FieldProvenance)
  },
  "javascript": {
    object (FieldProvenance)
  },
  "launchActionCount": {
    object (FieldProvenance)
  },
  "objectStreamCount": {
    object (FieldProvenance)
  },
  "endobjCount": {
    object (FieldProvenance)
  },
  "header": {
    object (FieldProvenance)
  },
  "acroform": {
    object (FieldProvenance)
  },
  "autoaction": {
    object (FieldProvenance)
  },
  "embeddedFile": {
    object (FieldProvenance)
  },
  "encrypted": {
    object (FieldProvenance)
  },
  "flash": {
    object (FieldProvenance)
  },
  "jbig2Compression": {
    object (FieldProvenance)
  },
  "objCount": {
    object (FieldProvenance)
  },
  "endstreamCount": {
    object (FieldProvenance)
  },
  "pageCount": {
    object (FieldProvenance)
  },
  "streamCount": {
    object (FieldProvenance)
  },
  "openaction": {
    object (FieldProvenance)
  },
  "startxref": {
    object (FieldProvenance)
  },
  "suspiciousColors": {
    object (FieldProvenance)
  },
  "trailer": {
    object (FieldProvenance)
  },
  "xfa": {
    object (FieldProvenance)
  },
  "xref": {
    object (FieldProvenance)
  }
}

Fields
`js`	`object (FieldProvenance)`
`javascript`	`object (FieldProvenance)`
`launchActionCount`	`object (FieldProvenance)`
`objectStreamCount`	`object (FieldProvenance)`
`endobjCount`	`object (FieldProvenance)`
`header`	`object (FieldProvenance)`
`acroform`	`object (FieldProvenance)`
`autoaction`	`object (FieldProvenance)`
`embeddedFile`	`object (FieldProvenance)`
`encrypted`	`object (FieldProvenance)`
`flash`	`object (FieldProvenance)`
`jbig2Compression`	`object (FieldProvenance)`
`objCount`	`object (FieldProvenance)`
`endstreamCount`	`object (FieldProvenance)`
`pageCount`	`object (FieldProvenance)`
`streamCount`	`object (FieldProvenance)`
`openaction`	`object (FieldProvenance)`
`startxref`	`object (FieldProvenance)`
`suspiciousColors`	`object (FieldProvenance)`
`trailer`	`object (FieldProvenance)`
`xfa`	`object (FieldProvenance)`
`xref`	`object (FieldProvenance)`

FaviconProvenance

JSON representation
{ "rawMd5": { object (`FieldProvenance`) }, "dhash": { object (`FieldProvenance`) } }

Fields
`rawMd5`	`object (FieldProvenance)`
`dhash`	`object (FieldProvenance)`

NtfsFileMetadataProvenance

JSON representation

{
  "changeTime": {
    object (FieldProvenance)
  },
  "filenameCreateTime": {
    object (FieldProvenance)
  },
  "filenameModifyTime": {
    object (FieldProvenance)
  },
  "filenameAccessTime": {
    object (FieldProvenance)
  },
  "filenameChangeTime": {
    object (FieldProvenance)
  }
}

Fields
`changeTime`	`object (FieldProvenance)`
`filenameCreateTime`	`object (FieldProvenance)`
`filenameModifyTime`	`object (FieldProvenance)`
`filenameAccessTime`	`object (FieldProvenance)`
`filenameChangeTime`	`object (FieldProvenance)`

AssetProvenance

JSON representation

{
  "productObjectId": {
    object (FieldProvenance)
  },
  "hostname": {
    object (FieldProvenance)
  },
  "assetId": {
    object (FieldProvenance)
  },
  "ip": [
    {
      object (FieldProvenance)
    }
  ],
  "mac": [
    {
      object (FieldProvenance)
    }
  ],
  "natIp": [
    {
      object (FieldProvenance)
    }
  ],
  "firstSeenTime": {
    object (FieldProvenance)
  },
  "hardware": [
    {
      object (HardwareProvenance)
    }
  ],
  "platformSoftware": {
    object (PlatformSoftwareProvenance)
  },
  "software": [
    {
      object (SoftwareProvenance)
    }
  ],
  "location": {
    object (LocationProvenance)
  },
  "category": {
    object (FieldProvenance)
  },
  "type": {
    object (FieldProvenance)
  },
  "networkDomain": {
    object (FieldProvenance)
  },
  "creationTime": {
    object (FieldProvenance)
  },
  "firstDiscoverTime": {
    object (FieldProvenance)
  },
  "lastDiscoverTime": {
    object (FieldProvenance)
  },
  "systemLastUpdateTime": {
    object (FieldProvenance)
  },
  "lastBootTime": {
    object (FieldProvenance)
  },
  "labels": [
    {
      object (LabelProvenance)
    }
  ],
  "deploymentStatus": {
    object (FieldProvenance)
  },
  "vulnerabilities": [
    {
      object (VulnerabilityProvenance)
    }
  ],
  "attribute": {
    object (AttributeProvenance)
  }
}

Fields
`productObjectId`	`object (FieldProvenance)`
`hostname`	`object (FieldProvenance)`
`assetId`	`object (FieldProvenance)`
`ip[]`	`object (FieldProvenance)`
`mac[]`	`object (FieldProvenance)`
`natIp[]`	`object (FieldProvenance)`
`firstSeenTime`	`object (FieldProvenance)`
`hardware[]`	`object (HardwareProvenance)`
`platformSoftware`	`object (PlatformSoftwareProvenance)`
`software[]`	`object (SoftwareProvenance)`
`location`	`object (LocationProvenance)`
`category`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`
`networkDomain`	`object (FieldProvenance)`
`creationTime`	`object (FieldProvenance)`
`firstDiscoverTime`	`object (FieldProvenance)`
`lastDiscoverTime`	`object (FieldProvenance)`
`systemLastUpdateTime`	`object (FieldProvenance)`
`lastBootTime`	`object (FieldProvenance)`
`labels[]`	`object (LabelProvenance)`
`deploymentStatus`	`object (FieldProvenance)`
`vulnerabilities[]`	`object (VulnerabilityProvenance)`
`attribute`	`object (AttributeProvenance)`

HardwareProvenance

JSON representation

{
  "serialNumber": {
    object (FieldProvenance)
  },
  "manufacturer": {
    object (FieldProvenance)
  },
  "model": {
    object (FieldProvenance)
  },
  "cpuPlatform": {
    object (FieldProvenance)
  },
  "cpuModel": {
    object (FieldProvenance)
  },
  "cpuClockSpeed": {
    object (FieldProvenance)
  },
  "cpuMaxClockSpeed": {
    object (FieldProvenance)
  },
  "cpuNumberCores": {
    object (FieldProvenance)
  },
  "ram": {
    object (FieldProvenance)
  }
}

Fields
`serialNumber`	`object (FieldProvenance)`
`manufacturer`	`object (FieldProvenance)`
`model`	`object (FieldProvenance)`
`cpuPlatform`	`object (FieldProvenance)`
`cpuModel`	`object (FieldProvenance)`
`cpuClockSpeed`	`object (FieldProvenance)`
`cpuMaxClockSpeed`	`object (FieldProvenance)`
`cpuNumberCores`	`object (FieldProvenance)`
`ram`	`object (FieldProvenance)`

PlatformSoftwareProvenance

JSON representation
{ "platform": { object (`FieldProvenance`) }, "platformVersion": { object (`FieldProvenance`) }, "platformPatchLevel": { object (`FieldProvenance`) } }

Fields
`platform`	`object (FieldProvenance)`
`platformVersion`	`object (FieldProvenance)`
`platformPatchLevel`	`object (FieldProvenance)`

SoftwareProvenance

JSON representation

{
  "name": {
    object (FieldProvenance)
  },
  "version": {
    object (FieldProvenance)
  },
  "permissions": [
    {
      object (PermissionProvenance)
    }
  ],
  "description": {
    object (FieldProvenance)
  },
  "vendorName": {
    object (FieldProvenance)
  }
}

Fields
`name`	`object (FieldProvenance)`
`version`	`object (FieldProvenance)`
`permissions[]`	`object (PermissionProvenance)`
`description`	`object (FieldProvenance)`
`vendorName`	`object (FieldProvenance)`

VulnerabilityProvenance

JSON representation

{
  "about": {
    object (NounProvenance)
  },
  "name": {
    object (FieldProvenance)
  },
  "description": {
    object (FieldProvenance)
  },
  "vendor": {
    object (FieldProvenance)
  },
  "scanStartTime": {
    object (FieldProvenance)
  },
  "scanEndTime": {
    object (FieldProvenance)
  },
  "firstFound": {
    object (FieldProvenance)
  },
  "lastFound": {
    object (FieldProvenance)
  },
  "severity": {
    object (FieldProvenance)
  },
  "severityDetails": {
    object (FieldProvenance)
  },
  "cvssBaseScore": {
    object (FieldProvenance)
  },
  "cvssVector": {
    object (FieldProvenance)
  },
  "cvssVersion": {
    object (FieldProvenance)
  },
  "cveId": {
    object (FieldProvenance)
  },
  "cveDescription": {
    object (FieldProvenance)
  },
  "vendorVulnerabilityId": {
    object (FieldProvenance)
  },
  "vendorKnowledgeBaseArticleId": {
    object (FieldProvenance)
  }
}

Fields
`about`	`object (NounProvenance)`
`name`	`object (FieldProvenance)`
`description`	`object (FieldProvenance)`
`vendor`	`object (FieldProvenance)`
`scanStartTime`	`object (FieldProvenance)`
`scanEndTime`	`object (FieldProvenance)`
`firstFound`	`object (FieldProvenance)`
`lastFound`	`object (FieldProvenance)`
`severity`	`object (FieldProvenance)`
`severityDetails`	`object (FieldProvenance)`
`cvssBaseScore`	`object (FieldProvenance)`
`cvssVector`	`object (FieldProvenance)`
`cvssVersion`	`object (FieldProvenance)`
`cveId`	`object (FieldProvenance)`
`cveDescription`	`object (FieldProvenance)`
`vendorVulnerabilityId`	`object (FieldProvenance)`
`vendorKnowledgeBaseArticleId`	`object (FieldProvenance)`

ArtifactProvenance

JSON representation

{
  "ip": {
    object (FieldProvenance)
  },
  "prevalence": {
    object (PrevalenceProvenance)
  },
  "firstSeenTime": {
    object (FieldProvenance)
  },
  "lastSeenTime": {
    object (FieldProvenance)
  },
  "location": {
    object (LocationProvenance)
  },
  "network": {
    object (NetworkProvenance)
  },
  "asOwner": {
    object (FieldProvenance)
  },
  "asn": {
    object (FieldProvenance)
  },
  "jarm": {
    object (FieldProvenance)
  },
  "lastHttpsCertificate": {
    object (SSLCertificateProvenance)
  },
  "lastHttpsCertificateDate": {
    object (FieldProvenance)
  },
  "regionalInternetRegistry": {
    object (FieldProvenance)
  },
  "tags": [
    {
      object (FieldProvenance)
    }
  ],
  "whois": {
    object (FieldProvenance)
  },
  "whoisDate": {
    object (FieldProvenance)
  },
  "tunnels": [
    {
      object (TunnelsProvenance)
    }
  ],
  "anonymous": {
    object (FieldProvenance)
  },
  "artifactClient": {
    object (ArtifactClientProvenance)
  },
  "risks": [
    {
      object (FieldProvenance)
    }
  ]
}

Fields
`ip`	`object (FieldProvenance)`
`prevalence`	`object (PrevalenceProvenance)`
`firstSeenTime`	`object (FieldProvenance)`
`lastSeenTime`	`object (FieldProvenance)`
`location`	`object (LocationProvenance)`
`network`	`object (NetworkProvenance)`
`asOwner`	`object (FieldProvenance)`
`asn`	`object (FieldProvenance)`
`jarm`	`object (FieldProvenance)`
`lastHttpsCertificate`	`object (SSLCertificateProvenance)`
`lastHttpsCertificateDate`	`object (FieldProvenance)`
`regionalInternetRegistry`	`object (FieldProvenance)`
`tags[]`	`object (FieldProvenance)`
`whois`	`object (FieldProvenance)`
`whoisDate`	`object (FieldProvenance)`
`tunnels[]`	`object (TunnelsProvenance)`
`anonymous`	`object (FieldProvenance)`
`artifactClient`	`object (ArtifactClientProvenance)`
`risks[]`	`object (FieldProvenance)`

NetworkProvenance

JSON representation

{
  "sentBytes": {
    object (FieldProvenance)
  },
  "receivedBytes": {
    object (FieldProvenance)
  },
  "sentPackets": {
    object (FieldProvenance)
  },
  "receivedPackets": {
    object (FieldProvenance)
  },
  "sessionDuration": {
    object (FieldProvenance)
  },
  "sessionId": {
    object (FieldProvenance)
  },
  "parentSessionId": {
    object (FieldProvenance)
  },
  "applicationProtocolVersion": {
    object (FieldProvenance)
  },
  "communityId": {
    object (FieldProvenance)
  },
  "direction": {
    object (FieldProvenance)
  },
  "ipProtocol": {
    object (FieldProvenance)
  },
  "applicationProtocol": {
    object (FieldProvenance)
  },
  "ftp": {
    object (FtpProvenance)
  },
  "email": {
    object (EmailProvenance)
  },
  "dns": {
    object (DnsProvenance)
  },
  "dhcp": {
    object (DhcpProvenance)
  },
  "http": {
    object (HttpProvenance)
  },
  "tls": {
    object (TlsProvenance)
  },
  "smtp": {
    object (SmtpProvenance)
  },
  "asn": {
    object (FieldProvenance)
  },
  "dnsDomain": {
    object (FieldProvenance)
  },
  "carrierName": {
    object (FieldProvenance)
  },
  "organizationName": {
    object (FieldProvenance)
  },
  "ipSubnetRange": {
    object (FieldProvenance)
  },
  "isProxy": {
    object (FieldProvenance)
  },
  "proxyInfo": {
    object (ProxyInfoProvenance)
  }
}

Fields
`sentBytes`	`object (FieldProvenance)`
`receivedBytes`	`object (FieldProvenance)`
`sentPackets`	`object (FieldProvenance)`
`receivedPackets`	`object (FieldProvenance)`
`sessionDuration`	`object (FieldProvenance)`
`sessionId`	`object (FieldProvenance)`
`parentSessionId`	`object (FieldProvenance)`
`applicationProtocolVersion`	`object (FieldProvenance)`
`communityId`	`object (FieldProvenance)`
`direction`	`object (FieldProvenance)`
`ipProtocol`	`object (FieldProvenance)`
`applicationProtocol`	`object (FieldProvenance)`
`ftp`	`object (FtpProvenance)`
`email`	`object (EmailProvenance)`
`dns`	`object (DnsProvenance)`
`dhcp`	`object (DhcpProvenance)`
`http`	`object (HttpProvenance)`
`tls`	`object (TlsProvenance)`
`smtp`	`object (SmtpProvenance)`
`asn`	`object (FieldProvenance)`
`dnsDomain`	`object (FieldProvenance)`
`carrierName`	`object (FieldProvenance)`
`organizationName`	`object (FieldProvenance)`
`ipSubnetRange`	`object (FieldProvenance)`
`isProxy`	`object (FieldProvenance)`
`proxyInfo`	`object (ProxyInfoProvenance)`

FtpProvenance

JSON representation
{ "command": { object (`FieldProvenance`) } }

Fields
`command`	`object (FieldProvenance)`

EmailProvenance

JSON representation

{
  "from": {
    object (FieldProvenance)
  },
  "replyTo": {
    object (FieldProvenance)
  },
  "to": [
    {
      object (FieldProvenance)
    }
  ],
  "cc": [
    {
      object (FieldProvenance)
    }
  ],
  "bcc": [
    {
      object (FieldProvenance)
    }
  ],
  "mailId": {
    object (FieldProvenance)
  },
  "subject": [
    {
      object (FieldProvenance)
    }
  ],
  "bounceAddress": {
    object (FieldProvenance)
  }
}

Fields
`from`	`object (FieldProvenance)`
`replyTo`	`object (FieldProvenance)`
`to[]`	`object (FieldProvenance)`
`cc[]`	`object (FieldProvenance)`
`bcc[]`	`object (FieldProvenance)`
`mailId`	`object (FieldProvenance)`
`subject[]`	`object (FieldProvenance)`
`bounceAddress`	`object (FieldProvenance)`

DnsProvenance

JSON representation

{
  "id": {
    object (FieldProvenance)
  },
  "response": {
    object (FieldProvenance)
  },
  "opcode": {
    object (FieldProvenance)
  },
  "authoritative": {
    object (FieldProvenance)
  },
  "truncated": {
    object (FieldProvenance)
  },
  "recursionDesired": {
    object (FieldProvenance)
  },
  "recursionAvailable": {
    object (FieldProvenance)
  },
  "responseCode": {
    object (FieldProvenance)
  },
  "questions": [
    {
      object (QuestionProvenance)
    }
  ],
  "answers": [
    {
      object (ResourceRecordProvenance)
    }
  ],
  "authority": [
    {
      object (ResourceRecordProvenance)
    }
  ],
  "additional": [
    {
      object (ResourceRecordProvenance)
    }
  ]
}

Fields
`id`	`object (FieldProvenance)`
`response`	`object (FieldProvenance)`
`opcode`	`object (FieldProvenance)`
`authoritative`	`object (FieldProvenance)`
`truncated`	`object (FieldProvenance)`
`recursionDesired`	`object (FieldProvenance)`
`recursionAvailable`	`object (FieldProvenance)`
`responseCode`	`object (FieldProvenance)`
`questions[]`	`object (QuestionProvenance)`
`answers[]`	`object (ResourceRecordProvenance)`
`authority[]`	`object (ResourceRecordProvenance)`
`additional[]`	`object (ResourceRecordProvenance)`

QuestionProvenance

JSON representation
{ "name": { object (`FieldProvenance`) }, "type": { object (`FieldProvenance`) }, "class": { object (`FieldProvenance`) }, "prevalence": { object (`PrevalenceProvenance`) } }

Fields
`name`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`
`class`	`object (FieldProvenance)`
`prevalence`	`object (PrevalenceProvenance)`

ResourceRecordProvenance

JSON representation

{
  "name": {
    object (FieldProvenance)
  },
  "type": {
    object (FieldProvenance)
  },
  "class": {
    object (FieldProvenance)
  },
  "ttl": {
    object (FieldProvenance)
  },
  "data": {
    object (FieldProvenance)
  },
  "binaryData": {
    object (FieldProvenance)
  }
}

Fields
`name`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`
`class`	`object (FieldProvenance)`
`ttl`	`object (FieldProvenance)`
`data`	`object (FieldProvenance)`
`binaryData`	`object (FieldProvenance)`

DhcpProvenance

JSON representation

{
  "opcode": {
    object (FieldProvenance)
  },
  "htype": {
    object (FieldProvenance)
  },
  "hlen": {
    object (FieldProvenance)
  },
  "hops": {
    object (FieldProvenance)
  },
  "transactionId": {
    object (FieldProvenance)
  },
  "seconds": {
    object (FieldProvenance)
  },
  "flags": {
    object (FieldProvenance)
  },
  "ciaddr": {
    object (FieldProvenance)
  },
  "yiaddr": {
    object (FieldProvenance)
  },
  "siaddr": {
    object (FieldProvenance)
  },
  "giaddr": {
    object (FieldProvenance)
  },
  "chaddr": {
    object (FieldProvenance)
  },
  "sname": {
    object (FieldProvenance)
  },
  "file": {
    object (FieldProvenance)
  },
  "options": [
    {
      object (OptionProvenance)
    }
  ],
  "type": {
    object (FieldProvenance)
  },
  "leaseTimeSeconds": {
    object (FieldProvenance)
  },
  "clientHostname": {
    object (FieldProvenance)
  },
  "clientIdentifier": {
    object (FieldProvenance)
  },
  "requestedAddress": {
    object (FieldProvenance)
  },
  "clientIdentifierString": {
    object (FieldProvenance)
  }
}

Fields
`opcode`	`object (FieldProvenance)`
`htype`	`object (FieldProvenance)`
`hlen`	`object (FieldProvenance)`
`hops`	`object (FieldProvenance)`
`transactionId`	`object (FieldProvenance)`
`seconds`	`object (FieldProvenance)`
`flags`	`object (FieldProvenance)`
`ciaddr`	`object (FieldProvenance)`
`yiaddr`	`object (FieldProvenance)`
`siaddr`	`object (FieldProvenance)`
`giaddr`	`object (FieldProvenance)`
`chaddr`	`object (FieldProvenance)`
`sname`	`object (FieldProvenance)`
`file`	`object (FieldProvenance)`
`options[]`	`object (OptionProvenance)`
`type`	`object (FieldProvenance)`
`leaseTimeSeconds`	`object (FieldProvenance)`
`clientHostname`	`object (FieldProvenance)`
`clientIdentifier`	`object (FieldProvenance)`
`requestedAddress`	`object (FieldProvenance)`
`clientIdentifierString`	`object (FieldProvenance)`

OptionProvenance

JSON representation
{ "code": { object (`FieldProvenance`) }, "data": { object (`FieldProvenance`) } }

Fields
`code`	`object (FieldProvenance)`
`data`	`object (FieldProvenance)`

HttpProvenance

JSON representation

{
  "method": {
    object (FieldProvenance)
  },
  "referralUrl": {
    object (FieldProvenance)
  },
  "userAgent": {
    object (FieldProvenance)
  },
  "responseCode": {
    object (FieldProvenance)
  },
  "parsedUserAgent": {
    object (UserAgentProtoProvenance)
  }
}

Fields
`method`	`object (FieldProvenance)`
`referralUrl`	`object (FieldProvenance)`
`userAgent`	`object (FieldProvenance)`
`responseCode`	`object (FieldProvenance)`
`parsedUserAgent`	`object (UserAgentProtoProvenance)`

UserAgentProtoProvenance

This type has no fields.

TlsProvenance

JSON representation

{
  "client": {
    object (ClientProvenance)
  },
  "server": {
    object (ServerProvenance)
  },
  "cipher": {
    object (FieldProvenance)
  },
  "curve": {
    object (FieldProvenance)
  },
  "version": {
    object (FieldProvenance)
  },
  "versionProtocol": {
    object (FieldProvenance)
  },
  "established": {
    object (FieldProvenance)
  },
  "nextProtocol": {
    object (FieldProvenance)
  },
  "resumed": {
    object (FieldProvenance)
  }
}

Fields
`client`	`object (ClientProvenance)`
`server`	`object (ServerProvenance)`
`cipher`	`object (FieldProvenance)`
`curve`	`object (FieldProvenance)`
`version`	`object (FieldProvenance)`
`versionProtocol`	`object (FieldProvenance)`
`established`	`object (FieldProvenance)`
`nextProtocol`	`object (FieldProvenance)`
`resumed`	`object (FieldProvenance)`

ClientProvenance

JSON representation
{ "certificate": { object (`CertificateProvenance`) }, "ja3": { object (`FieldProvenance`) }, "serverName": { object (`FieldProvenance`) }, "supportedCiphers": [ { object (`FieldProvenance`) } ] }

Fields
`certificate`	`object (CertificateProvenance)`
`ja3`	`object (FieldProvenance)`
`serverName`	`object (FieldProvenance)`
`supportedCiphers[]`	`object (FieldProvenance)`

CertificateProvenance

JSON representation

{
  "version": {
    object (FieldProvenance)
  },
  "serial": {
    object (FieldProvenance)
  },
  "subject": {
    object (FieldProvenance)
  },
  "issuer": {
    object (FieldProvenance)
  },
  "md5": {
    object (FieldProvenance)
  },
  "sha1": {
    object (FieldProvenance)
  },
  "sha256": {
    object (FieldProvenance)
  },
  "notBefore": {
    object (FieldProvenance)
  },
  "notAfter": {
    object (FieldProvenance)
  }
}

Fields
`version`	`object (FieldProvenance)`
`serial`	`object (FieldProvenance)`
`subject`	`object (FieldProvenance)`
`issuer`	`object (FieldProvenance)`
`md5`	`object (FieldProvenance)`
`sha1`	`object (FieldProvenance)`
`sha256`	`object (FieldProvenance)`
`notBefore`	`object (FieldProvenance)`
`notAfter`	`object (FieldProvenance)`

ServerProvenance

JSON representation
{ "certificate": { object (`CertificateProvenance`) }, "ja3s": { object (`FieldProvenance`) } }

Fields
`certificate`	`object (CertificateProvenance)`
`ja3s`	`object (FieldProvenance)`

SmtpProvenance

JSON representation

{
  "helo": {
    object (FieldProvenance)
  },
  "mailFrom": {
    object (FieldProvenance)
  },
  "rcptTo": [
    {
      object (FieldProvenance)
    }
  ],
  "serverResponse": [
    {
      object (FieldProvenance)
    }
  ],
  "messagePath": {
    object (FieldProvenance)
  },
  "isWebmail": {
    object (FieldProvenance)
  },
  "isTls": {
    object (FieldProvenance)
  }
}

Fields
`helo`	`object (FieldProvenance)`
`mailFrom`	`object (FieldProvenance)`
`rcptTo[]`	`object (FieldProvenance)`
`serverResponse[]`	`object (FieldProvenance)`
`messagePath`	`object (FieldProvenance)`
`isWebmail`	`object (FieldProvenance)`
`isTls`	`object (FieldProvenance)`

ProxyInfoProvenance

JSON representation

{
  "anonymous": {
    object (FieldProvenance)
  },
  "anonymousVpn": {
    object (FieldProvenance)
  },
  "publicProxy": {
    object (FieldProvenance)
  },
  "torExitNode": {
    object (FieldProvenance)
  },
  "smartDnsProxy": {
    object (FieldProvenance)
  },
  "hostingProvider": {
    object (FieldProvenance)
  },
  "vpnDatacenter": {
    object (FieldProvenance)
  },
  "residentialProxy": {
    object (FieldProvenance)
  },
  "vpnServiceName": {
    object (FieldProvenance)
  },
  "proxyOverVpn": {
    object (FieldProvenance)
  },
  "relayProxy": {
    object (FieldProvenance)
  }
}

Fields
`anonymous`	`object (FieldProvenance)`
`anonymousVpn`	`object (FieldProvenance)`
`publicProxy`	`object (FieldProvenance)`
`torExitNode`	`object (FieldProvenance)`
`smartDnsProxy`	`object (FieldProvenance)`
`hostingProvider`	`object (FieldProvenance)`
`vpnDatacenter`	`object (FieldProvenance)`
`residentialProxy`	`object (FieldProvenance)`
`vpnServiceName`	`object (FieldProvenance)`
`proxyOverVpn`	`object (FieldProvenance)`
`relayProxy`	`object (FieldProvenance)`

SSLCertificateProvenance

This type has no fields.

TunnelsProvenance

JSON representation
{ "provider": { object (`FieldProvenance`) }, "type": { object (`FieldProvenance`) } }

Fields
`provider`	`object (FieldProvenance)`
`type`	`object (FieldProvenance)`

ArtifactClientProvenance

JSON representation
{ "behaviors": [ { object (`FieldProvenance`) } ], "proxies": [ { object (`FieldProvenance`) } ] }

Fields
`behaviors[]`	`object (FieldProvenance)`
`proxies[]`	`object (FieldProvenance)`

UdmProvenance Stay organized with collections Save and categorize content based on your preferences.

NounProvenance

FieldProvenance

UserProvenance

LocationProvenance

GoogleTypeLatLngProvenance

AttributeProvenance

LabelProvenance

PermissionProvenance

RoleProvenance

TimeOffProvenance

ProcessProvenance

FileProvenance

FileMetadataProvenance

PeFileMetadataProvenance

SecurityResultProvenance

Unsupported

AnalyticsMetadataProvenance

AttackDetailsProvenance

TacticProvenance

TechniqueProvenance

AssociationProvenance

AssociationAliasProvenance

VerdictProvenance

ProviderMLVerdictProvenance

SourceProvenance

AnalystVerdictProvenance

VerdictInfoProvenance

IoCStatsProvenance

ThreatCollectionItemProvenance

FileMetadataPEProvenance

FileMetadataSectionProvenance

FileMetadataImportsProvenance

FileMetadataPeResourceInfoProvenance

StringToInt64MapEntryProvenance

FileMetadataSignatureInfoProvenance

SignerInfoProvenance

X509Provenance

PrevalenceProvenance

ExifInfoProvenance

SignatureInfoProvenance

FileMetadataCodesignProvenance

PDFInfoProvenance

FaviconProvenance

NtfsFileMetadataProvenance

AssetProvenance

HardwareProvenance

PlatformSoftwareProvenance

SoftwareProvenance

VulnerabilityProvenance

ArtifactProvenance

NetworkProvenance

FtpProvenance

EmailProvenance

DnsProvenance

QuestionProvenance

ResourceRecordProvenance

DhcpProvenance

OptionProvenance

HttpProvenance

UserAgentProtoProvenance

TlsProvenance

ClientProvenance

CertificateProvenance

ServerProvenance

SmtpProvenance

ProxyInfoProvenance

SSLCertificateProvenance

TunnelsProvenance

ArtifactClientProvenance

UdmProvenance