SearchResult

Search result parsed from the NetworkEvent and passed back to the client from LegacySearchAssetEvents.

JSON representation
{
  "event_time": string,
  "___domain": string,
  "chip": {
    object (Chip)
  },
  "http_details": [
    {
      object (HttpDetails)
    }
  ],
  "resolved_ip_addresses": [
    string
  ],
  "customer_prevalence": integer,
  "filter_properties": {
    object (FilterProperties)
  },
  "raw_logs_token": string,
  "sidebar_entries": [
    {
      object (SidebarEntry)
    }
  ],
  "asset_indicator": {
    object (AssetIndicator)
  }
}
Fields
event_time

string (Timestamp format)

Date/time of lookup (i.e. not the time that the event was ingested).

Uses RFC 3339, where generated output will always be Z-normalized and uses 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples: "2014-10-02T15:01:23Z", "2014-10-02T15:01:23.045123456Z" or "2014-10-02T15:01:23+05:30".

___domain

string

Domain name looked up (e.g. "foo.bad-actor.com" or "foocompany.com").

chip

object (Chip)

The chip to display.

http_details[]

object (HttpDetails)

Additional details about HTTP requests associated with this lookup.

resolved_ip_addresses[]

string

Either IPv4 or IPv6 results, limited to a maximum of 5 results. We may want to annotate them with badges if the IPs fall in a known IP space (CDN, AWS, Google Cloud, Rackspace, etc.).

customer_prevalence

integer

The prevalence of the ___domain within the customer's environment, defined for v1 as the number of unique assets per day looking up the ___domain name over the trailing 10 days.

filter_properties

object (FilterProperties)

A list of filter properties associated with the event.

raw_logs_token

string

A token used to request raw logs; it is opaque to the client. If empty, no raw logs can be requested.

sidebar_entries[]

object (SidebarEntry)

All the sidebar entries.

asset_indicator

object (AssetIndicator)

AssetIndicator used for pivoting.
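As an added example (not part of the API reference or any client library), a small Python parser that loads a SearchResult object and enforces the constraints the field descriptions state: an RFC 3339 event_time normalised to UTC, at most 5 entries in resolved_ip_addresses that must be valid IPv4/IPv6 addresses, and an empty raw_logs_token meaning no raw logs can be requested. The nested Chip, HttpDetails, FilterProperties, SidebarEntry and AssetIndicator objects are not modelled, and the sample document is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import ipaddress
import re

MAX_RESOLVED_IPS = 5  # "Limited to a maximum of 5 results"
# RFC 3339: optional fraction (generated output uses 0, 3, 6 or 9 digits), then "Z" or a numeric offset
_RFC3339 = re.compile(
    r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d{1,9}))?(Z|[+-]\d{2}:\d{2})$")

@dataclass
class SearchResult:
    event_time: datetime  # normalised to UTC
    ___domain: str
    resolved_ip_addresses: list
    customer_prevalence: int
    raw_logs_token: str

    @property
    def raw_logs_available(self) -> bool:
        return bool(self.raw_logs_token)  # empty token: no raw logs can be requested

def parse_event_time(value: str) -> datetime:
    """Parse an RFC 3339 event_time and return it normalised to UTC."""
    m = _RFC3339.match(value)
    if not m:
        raise ValueError(f"event_time is not RFC 3339: {value!r}")
    y, mo, d, h, mi, s = (int(g) for g in m.groups()[:6])
    micro = int(((m.group(7) or "") + "000000")[:6])  # datetime holds microseconds only
    tz = m.group(8)
    sign = -1 if tz.startswith("-") else 1
    offset = timedelta(0) if tz == "Z" else sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return datetime(y, mo, d, h, mi, s, micro, tzinfo=timezone(offset)).astimezone(timezone.utc)

def parse_search_result(doc: dict) -> SearchResult:
    """Build a SearchResult from the JSON object, enforcing the documented limits."""
    ips = list(doc.get("resolved_ip_addresses", []))
    if len(ips) > MAX_RESOLVED_IPS:
        raise ValueError(f"{len(ips)} resolved IPs; limit is {MAX_RESOLVED_IPS}")
    for ip in ips:
        ipaddress.ip_address(ip)  # ValueError on anything that is not IPv4/IPv6
    return SearchResult(parse_event_time(doc["event_time"]), doc["___domain"], ips,
                        int(doc.get("customer_prevalence", 0)), doc.get("raw_logs_token", ""))

# Constructed sample response (not real data); the nested Chip/HttpDetails/... objects are omitted.
SAMPLE = {"event_time": "2014-10-02T15:01:23.045123456Z", "___domain": "foo.bad-actor.com",
          "resolved_ip_addresses": ["203.0.113.10", "2001:db8::1"], "customer_prevalence": 3,
          "raw_logs_token": ""}
```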