Method: legacy.legacyFindRawLogs

{
  "timestamp": string,
  "collectionTime": string,
  "ingestedTime": string,
  "source": {
    object (EventSource)
  },
  "rawLogIndex": integer,
  "disambiguationKey": string,
  "siEventData": {
    object (SIEventData)
  },
  "idm": {
    object (IDM)
  },
  "isDuplicate": boolean,

  // Union field payload can be only one of the following:
  "stats": {
    object (StatsEvent)
  },
  "dns": {
    object (DnsEvent)
  },
  "dhcp": {
    object (DhcpEvent)
  },
  "alert": {
    object (AlertEvent)
  },
  "webproxy": {
    object (WebProxyEvent)
  },
  "edr": {
    object (EdrEvent)
  },
  "ioc": {
    object (IocEvent)
  },
  "whoisRecord": {
    object (WhoisRecord)
  },
  "assetInfo": {
    object (AssetInfo)
  },
  "binary": {
    object (BinaryInfo)
  },
  "agentStats": {
    object (AgentStatsEvent)
  }
  // End of list of possible types for union field payload.
}

{
  "client": {
    object (Device)
  },
  "server": {
    object (Device)
  },
  "class": enum (DnsEventClass),
  "queryingIpTtl": integer,
  "id": integer,
  "response": boolean,
  "opcode": integer,
  "authoritative": boolean,
  "truncated": boolean,
  "recursionDesired": boolean,
  "recursionAvailable": boolean,
  "responseCode": integer,
  "questions": [
    {
      object (DnsQuestion)
    }
  ],
  "answers": [
    {
      object (DnsRR)
    }
  ],
  "authority": [
    {
      object (DnsRR)
    }
  ],
  "additional": [
    {
      object (DnsRR)
    }
  ],
  "action": enum (Action),
  "summary": {
    object (DnsSummary)
  }
}

{
  "hostname": string,
  "ipAddresses": [
    string
  ],
  "mac": [
    string
  ],
  "onEnterpriseNetwork": boolean,
  "productIdentifierType": string,
  "productIdentifierValue": string,
  "namespace": string
}

{
  "name": string,
  "type": integer,
  "class": integer
}

{
  "name": string,
  "type": integer,
  "class": integer,
  "ttl": integer,
  "data": string
}

{
  "queries": [
    {
      object (Query)
    }
  ],
  "edr": {
    object (EdrEvent)
  }
}

{
  "name": string,
  "ipAddresses": [
    string
  ],
  "url": string,
  "md5": string,
  "sha256": string,
  "filename": string,
  "httpDetails": {
    object (HttpDetails)
  },
  "networkConnectionDetails": {
    object (NetworkConnectionDetails)
  }
}

{
  "status": enum (Action)
}

{
  "client": {
    object (Device)
  },
  "server": {
    object (Device)
  },
  "dataSource": enum (Product),
  "rawEventName": string,
  "category": enum (Category),
  "processIdType": string,
  "processIdValue": string,
  "processFilename": string,
  "processMd5": string,
  "processSha256": string,
  "currentProcess": {
    object (ProcessDetails)
  },
  "targetProcess": {
    object (ProcessDetails)
  },
  "childProcess": {
    object (ProcessDetails)
  },
  "parentProcess": {
    object (ProcessDetails)
  },
  "targetFile": {
    object (FileDetails)
  },
  "sourceFile": {
    object (FileDetails)
  },
  "user": {
    object (UserDetails)
  },
  "firewall": {
    object (FirewallDetails)
  },
  "service": {
    object (ServiceDetails)
  },
  "share": {
    object (ShareDetails)
  },
  "registry": {
    object (RegistryDetails)
  },
  "device": {
    object (DeviceDetails)
  },
  "uac": {
    object (UACDetails)
  },
  "task": {
    object (TaskDetails)
  },
  "volume": {
    object (VolumeDetails)
  },

  // Union field event_details can be only one of the following:
  "network": {
    object (EdrNetworkEvent)
  },
  "alert": {
    object (AlertEvent)
  },
  "mapping": {
    object (EdrMappingEvent)
  }
  // End of list of possible types for union field event_details.
}

{
  "direction": enum (Direction),
  "targetIp": string,
  "targetDomain": string,
  "clientPort": integer,
  "targetPort": integer,
  "processFilename": string,
  "processMd5": string,
  "processSha256": string,
  "processIdType": string,
  "processIdValue": string,
  "protocol": integer
}

{
  "devices": [
    {
      object (Device)
    }
  ],
  "rawAlertMessage": string,
  "sourceProduct": string,
  "alertShortName": string,
  "severity": enum (AlertSeverity),
  "rawSeverity": string,
  "isSignificant": boolean,
  "hashMd5": string,
  "hashSha1": string,
  "hashSha256": string
}

{
  "type": enum (MappingType)
}

{
  "processId": string,
  "rawPid": string,
  "processFile": {
    object (FileDetails)
  },
  "fullCommandLine": string,
  "userName": {
    object (UserDetails)
  },
  "accessMask": string
}

{
  "fileName": string,
  "fullPath": string,
  "hashMd5": string,
  "hashSha256": string,
  "hashSha1": string
}

{
  "userName": string,
  "authenticationId": string,
  "userPrincipal": string,
  "userSid": string
}

{
  "firewallRule": string,
  "firewallRuleId": string,
  "firewallOption": string
}

{
  "serviceName": string,
  "serviceUser": string
}

{
  "shareName": string
}

{
  "regObjectName": string,
  "regValueName": string,
  "regStringValue": string
}

{
  "productName": string,
  "deviceName": string
}

{
  "exeToValidate": string,
  "dllToValidate": string,
  "commandLineToValidate": string,
  "applicationNameToValidate": string,
  "msiProductName": string,
  "msiPackagePath": string,
  "comFriendlyName": string,
  "comServerBinary": string,
  "comRequestorPath": string,
  "axisInstallPoint": string,
  "axisUrl": string
}

{
  "taskName": string,
  "taskAuthor": string,
  "taskCommand": {
    object (ProcessDetails)
  }
}

{
  "volumeName": string,
  "volumeDevice": {
    object (DeviceDetails)
  },
  "volumeMountPoint": string
}

{
  "client": {
    object (Device)
  },
  "server": {
    object (Device)
  },
  "class": enum (DhcpEventClass),
  "op": enum (DhcpOp),
  "htype": enum (DhcpHType),
  "hlen": integer,
  "hops": integer,
  "xid": integer,
  "secs": integer,
  "flags": integer,
  "ciaddr": string,
  "yiaddr": string,
  "siaddr": string,
  "giaddr": string,
  "chaddr": string,
  "sname": string,
  "file": string,
  "options": [
    {
      object (DhcpOption)
    }
  ],
  "optType": enum (MessageType),
  "optHostname": string,
  "optLeaseTime": integer,
  "optRequestedAddress": string,
  "optClientIdentifier": string
}

{
  "type": enum (DhcpOptionType),
  "data": string
}

{
  "client": {
    object (Device)
  },
  "clientPort": integer,
  "server": {
    object (Device)
  },
  "target": {
    object (Device)
  },
  "targetPort": integer,
  "protocol": enum (HttpProtocol),
  "request": {
    object (Request)
  },
  "response": {
    object (Response)
  },
  "action": enum (Action),
  "blockReason": string,
  "userIdentifier": string
}

{
  "method": enum (HttpMethod),
  "resource": string,
  "userAgent": string,
  "referer": string
}

{
  "code": integer,
  "size": string,
  "hashMd5": string
}

{
  "domainName": string,
  "registrarName": string,
  "contactEmail": string,
  "whoisServer": string,
  "nameServer": [
    string
  ],
  "creationTime": string,
  "updateTime": string,
  "expirationTime": string,
  "auditUpdateTime": string,
  "status": string,
  "registrant": {
    object (Contact)
  },
  "adminContact": {
    object (Contact)
  },
  "techContact": {
    object (Contact)
  },
  "billingContact": {
    object (Contact)
  },
  "zoneContact": {
    object (Contact)
  },
  "whoisRecordRawText": string,
  "registryDataRawText": string,
  "ianaRegistrarId": integer,
  "privateRegistration": boolean
}

{
  "emailAddress": string,
  "name": string,
  "organization": string,
  "phoneNumber": string,
  "phoneNumberExt": string,
  "faxNumber": string,
  "faxNumberExt": string,
  "address": {
    object (Address)
  },
  "rawText": string
}

{
  "country": string,
  "street": [
    string
  ],
  "city": string,
  "state": string,
  "postalCode": string
}

{
  "client": {
    object (Device)
  },
  "operatingSystem": string,
  "vulnerabilities": [
    {
      object (AssetVulnerability)
    }
  ]
}

{
  "name": string,
  "description": string,
  "scanStartTime": string,
  "scanEndTime": string,
  "firstFound": string,
  "lastFound": string,
  "severity": string,
  "cvssBaseScore": number,
  "cvssVector": string,
  "cvssVersion": string
}

{
  "hashMd5": string,
  "hashSha256": string,
  "hashSha1": string,
  "sizeBytes": string,
  "mimeType": string,
  "type": enum (FileType),
  "version": {
    object (VersionInfo)
  },
  "sign": {
    object (SigningInfo)
  }
}

{
  "companyName": string,
  "fileDescription": string,
  "fileVersion": string,
  "internalName": string,
  "originalName": string,
  "productName": string,
  "productVersion": string
}

{
  "status": enum (SignStatus),
  "subject": string,
  "issuer": string
}

{
  "customerId": string,
  "collectorId": string,
  "filename": string,
  "namespace": string,
  "labels": [
    {
      object (Label)
    }
  ]
}

{
  "batchId": string,
  "rawLogType": enum (LogType),
  "snippet": string,
  "rawLogIndex": integer,
  "disambiguationKey": string,
  "eventType": enum (EventType),
  "timestamp": string,
  "replayTime": string,
  "ttrKeys": {
    object (TtrKeyInfo)
  }
}

{
  "shardNumber": integer,
  "fullKtupleHash": string,
  "sourceType": enum (EventType),
  "cellTimeGranular": string,
  "hashOfRawEventData": string
}

{
  "readOnlyUdm": {
    object (UDM)
  },
  "filteredUdm": {
    object (UDM)
  },
  "context": {
    object (Noun)
  },
  "entity": {
    object (Entity)
  },
  "isAlert": boolean,
  "isSignificant": boolean,
  "baseLabels": {
    object (DataAccessLabels)
  },
  "enrichmentLabels": {
    object (DataAccessLabels)
  },
  "enrichmentProvenances": [
    {
      object (EnrichmentProvenance)
    }
  ],
  "assetEnrichmentInfo": {
    object (EnrichmentInfo)
  },
  "userEnrichmentInfo": {
    object (EnrichmentInfo)
  },
  "processEnrichmentInfo": {
    object (EnrichmentInfo)
  },
  "vtFilemetadataEnrichmentInfo": {
    object (EnrichmentInfo)
  },
  "geoipEnrichmentInfo": {
    object (EnrichmentInfo)
  },
  "udmProvenance": {
    object (UdmProvenance)
  }
}

{
  "enrichmentStatus": enum (EnrichmentStatus)
}

{
  "rawLogs": [
    {
      object (RawLog)
    }
  ]
}

{
  "timestamp": string,
  "sourceProduct": string,
  "logBytes": string,
  "searchResults": [
    {
      object (Range)
    }
  ],
  "type": enum (LogType)
}

{
  "start": string,
  "end": string
}