GET /siem/offenses_ocsf
Retrieve a list of offenses currently in the system in OCSF format.
| MIME Type |
|---|
| application/json |
| Parameter | Type | Optionality | Data Type | MIME Type | Description |
|---|---|---|---|---|---|
| Range | header | Optional | String | text/plain | Optional - Use this parameter to restrict the number of elements that are returned in the list to a specified range. The list is indexed starting at zero. |
| HTTP Response Code | Unique Code | Description |
|---|---|---|
| 200 |  | The offense list was retrieved. |
| 422 | 1005 | A request parameter is not valid. |
| 500 | 1020 | An error occurred while the offense list was being retrieved. |
Response Description
An array of Offense objects in OCSF format.
Tip: Large result sets might take a long time to retrieve.
You can use the Range header parameter to limit the result set and speed up retrieval.
For example, set the parameter to "Range: items=50-99" to retrieve only the second 50 offenses.
An Offense object in OCSF format contains the following fields:
- metadata - Object - Contains information about the log metadata.
- modified_time - Long - The timestamp representing the last modification time of the log entry.
- product - Object - Describes the characteristics of the product generating the log.
  - name - String - The name of the product.
  - vendor_name - String - The vendor providing the product.
  - lang - String - The language of the product.
- loggers - Array of Objects - Lists the loggers involved in generating the log entry.
  - uid - String - A unique identifier for the logger.
  - log_name - String - The name of the logger.
  - log_provider - String - The provider of the logger.
- version - String - The version of the metadata schema.
- log_provider - String - The provider of the logs.
- correlation_uid - String - A unique identifier for correlating offenses.
- original_time - Long - The original timestamp of the log entry.
- log_name - String - The name of the log, e.g., "Offense".
- tenant_uid - String - The identifier for the tenant associated with the log.
- risk_level - String - Indicates the level of risk.
- risk_level_id - Integer - A numerical identifier representing the risk level.
- impact_id - Integer - A numerical identifier for the impact level.
- type_name - String - The type of finding, e.g., "Detection Finding: Close".
- confidence_id - Integer - A numerical identifier for the confidence score.
- class_name - String - The class of finding, e.g., "Detection Finding".
- category_name - String - The category of the finding, e.g., "Findings".
- duration - Long - The duration associated with the finding, in milliseconds.
- type_uid - Integer - A unique identifier for the type of finding.
- confidence_score - Integer - The confidence score of the finding.
- observables - Array of Objects - Details the observables detected in the finding.
- name - String - The name of the observable, e.g., "src_ip_address".
- type_id - Integer - A numerical identifier for the type of observable.
- type - String - The type of observable.
- value - String - The value of the observable.
- event_time - Long - The timestamp for the event.
- start_time - Long - The timestamp indicating the start time of the finding.
- category_uid - Integer - A unique identifier for the category.
- finding_info - Object - Contains detailed information about the finding.
- modified_time - Long - The timestamp representing the last modification time of the finding.
- last_seen_time - Long - The timestamp of when the finding was last observed.
- title - String - A brief title describing the finding.
- uid - String - A unique identifier for the finding.
- related_analytics - Array of Objects - Analytics related to the finding.
  - uid - String - A unique identifier for the analytics rule.
  - name - String - The name of the analytics rule.
  - type_id - Integer - A numerical identifier for the type of rule.
  - type - String - The type of analytics rule, e.g., "CRE_RULE".
  - desc - String - A description of the analytics rule.
- first_seen_time - Long - The timestamp when the finding was first observed.
- created_time - Long - The timestamp when the finding was created.
- data_sources - Array of Strings - Lists the sources that contributed to the finding.
- desc - String - A description of the finding, e.g., "Local SSH Scanner Detected containing ET SCAN Potential SSH Scan".
- risk_score - Integer - A numerical representation of the risk level associated with the finding.
- evidences - Array of Objects - Evidence supporting the finding.
- src_endpoint - Object - Details about the source endpoint.
  - ip - String - The source IP address.
- src_endpoint - Object - Details about the source endpoint's network interface.
  - interface_uid - String - The identifier for the source network interface.
- dst_endpoint - Object - Details about the destination endpoint.
  - ip - String - The destination IP address.
- dst_endpoint - Object - Details about the destination endpoint's network interface.
  - interface_uid - String - The identifier for the destination network interface.
- severity_id - Integer - A numerical identifier for the severity level.
- severity - String - The severity level of the finding, e.g., "Low".
- malware - Array of Objects - Malware classifications associated with the finding.
- classifications - Array of Strings - Lists the classifications of the malware.
- classification_ids - Array of Integers - Numerical identifiers for the classifications.
- confidence - String - The confidence level of the finding, e.g., "Low".
- impact - String - The impact level of the finding, e.g., "Low".
- count - Integer - The number of occurrences of the finding.
- activity_name - String - The name of the activity associated with the finding, e.g., "Close".
- message - String - The detailed message describing the finding.
- activity_id - Integer - A numerical identifier for the activity.
- status_id - Integer - A numerical identifier for the status.
- end_time - Long - The timestamp representing the end time of the finding.
- impact_score - Integer - A score representing the impact level.
- class_uid - Integer - A unique identifier for the class.
- enrichments - Array of Objects - Enrichments related to the finding.
- data - String - The enrichment data.
- provider - String - The provider of the enrichment.
- name - String - The name of the enrichment.
- short_desc - String - A short description of the enrichment.
- type - String - The type of enrichment.
- value - String - The value of the enrichment.
- desc - String - A description of the enrichment.
- status - String - The current status of the finding, e.g., "Resolved".
- status_code - String - The code representing the status, e.g., "CLOSED".
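The following is an added example, not part of the product documentation: it pages through the endpoint with the Range header described in the tip above and groups offenses that are not closed by source IP, using the `status_code`, `finding_info.uid` and `observables` fields listed. The `http_fetch` helper, the `SEC` token header, the API root URL, the "OPEN" status value and the sample offenses are assumptions or constructed data; the demo runs offline against a stand-in fetcher.

```python
import json
import urllib.error
import urllib.request

# Documented failure codes for this endpoint: HTTP status -> (unique code, meaning).
DOCUMENTED_ERRORS = {
    422: (1005, "A request parameter is not valid."),
    500: (1020, "An error occurred while the offense list was being retrieved."),
}


class OffenseApiError(Exception):
    def __init__(self, http_status):
        self.http_status = http_status
        self.unique_code, meaning = DOCUMENTED_ERRORS.get(
            http_status, (None, "Undocumented response."))
        super().__init__(f"HTTP {http_status} (unique code {self.unique_code}): {meaning}")


def range_header(page, page_size=50):
    """Zero-indexed, inclusive item range: page 1 of size 50 is 'items=50-99'."""
    if page < 0 or page_size < 1:
        raise ValueError("page must be >= 0 and page_size >= 1")
    start = page * page_size
    return f"items={start}-{start + page_size - 1}"


def http_fetch(api_root, token):
    """Build fetch(range_value) -> (status, parsed_body) for a live console.

    Assumptions: api_root is the console's API base URL and the token is sent
    in a 'SEC' header; adjust both to your deployment. TLS verification stays on.
    """
    def fetch(range_value):
        request = urllib.request.Request(
            f"{api_root}/siem/offenses_ocsf",
            headers={"Accept": "application/json", "Range": range_value, "SEC": token},
        )
        try:
            with urllib.request.urlopen(request, timeout=60) as response:
                return response.status, json.load(response)
        except urllib.error.HTTPError as err:
            return err.code, None
    return fetch


def iter_offenses(fetch, page_size=50, max_pages=1000):
    """Yield every offense, one Range window at a time, stopping at a short page."""
    for page in range(max_pages):
        status, body = fetch(range_header(page, page_size))
        if status != 200:
            raise OffenseApiError(status)
        if not isinstance(body, list):
            raise ValueError("expected a JSON array of offense objects")
        yield from body
        if len(body) < page_size:  # short or empty page: nothing left to request
            return


def open_offenses_by_source(offenses):
    """Map source IP -> sorted finding uids for offenses whose status_code is not CLOSED."""
    by_source = {}
    for offense in offenses:
        if offense.get("status_code") == "CLOSED":
            continue
        uid = (offense.get("finding_info") or {}).get("uid") or "unknown"
        for observable in offense.get("observables") or []:
            if observable.get("name") == "src_ip_address" and observable.get("value"):
                by_source.setdefault(observable["value"], set()).add(uid)
    return {ip: sorted(uids) for ip, uids in by_source.items()}


def _offense(uid, status_code, src_ip):
    # Constructed sample record carrying only the fields this example reads.
    return {"status_code": status_code,
            "finding_info": {"uid": uid, "title": "constructed sample"},
            "observables": [{"name": "src_ip_address", "value": src_ip}]}


# Constructed data: documentation-range IPs, "OPEN" is an assumed status value.
SAMPLE_OFFENSES = [
    _offense("101", "OPEN", "192.0.2.10"),
    _offense("102", "CLOSED", "192.0.2.10"),
    _offense("103", "OPEN", "198.51.100.7"),
    _offense("104", "OPEN", "192.0.2.10"),
    _offense("105", "OPEN", "198.51.100.7"),
]


def fake_fetch(offenses, calls):
    """Offline stand-in for http_fetch: serves list slices and records each Range value."""
    def fetch(range_value):
        calls.append(range_value)
        start, end = (int(n) for n in range_value.split("=", 1)[1].split("-"))
        return 200, offenses[start:end + 1]
    return fetch


def demo():
    calls = []
    offenses = list(iter_offenses(fake_fetch(SAMPLE_OFFENSES, calls), page_size=2))
    return calls, open_offenses_by_source(offenses)


if __name__ == "__main__":
    print(demo())
```

Against a live console, pass `http_fetch(api_root, token)` to `iter_offenses` in place of the stand-in fetcher.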
Response Sample
[{"metadata": {"modified_time": 42, "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"},
"name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"},
"loggers": [{"uid": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"},
"name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "log_name": "String",
"log_level": "String", "name": "String", "logged_time": 42, "log_version": "String", "transmit_time": 42, "device": {"modified_time": 42,
"subnet": "String", "risk_level": "String", "risk_level_id": 42, "interface_uid": "String", "type": "String", "mac": "String",
"is_compliant": true, "instance_uid": "String", "uid": "String", "hostname": "String", "vpc_uid": "String", "zone": "String",
"hypervisor": "String", "created_time": 42, "vlan_uid": "String", "agent_list": [{"uid": "String", "uid_alt": 42, "name": "String",
"policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String", "version": "String", "group": {"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}, "desc": "String"}], "type_id": 42,
"vendor_name": 42, "type": "String", "version": "String"}], "interface_name": "String", "risk_score": 42, "is_trusted": true,
"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String",
"country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String",
"geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String",
"name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"last_seen_time": 42, "boot_time": 42, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String",
"cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "uid_alt": "String",
"org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "ip": "String", "groups": [{"uid": "String", "privileges": ["String"],
"domain": "String", "name": "String", "type": "String", "desc": "String"}], "is_personal": true, "is_managed": true, "network_interfaces": [{"uid": "String",
"hostname": "String", "subnet_prefix": 42, "ip": "String", "name": "String", "namespace": "String", "type_id": 42, "type": "String", "mac": "String"}],
"autoscale_uid": "String", "first_seen_time": 42, "domain": "String", "subnet_uid": "String", "name": "String", "imei": "String",
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String",
"latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "type_id": 42,
"hw_info": {"cpu_type": "String", "serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42, "physical_height": 42,
"scale_factor": 42, "color_depth": 42, "physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42, "cpu_bits": 42,
"bios_manufacturer": "String", "bios_ver": "String", "bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String",
"keyboard_type": "String", "function_keys": 42, "keyboard_subtype": 42}, "cpu_count": 42}, "region": "String", "desc": "String"},
"version": "String", "log_provider": "String"}], "profiles": ["String"], "logged_time": 42, "version": "String", "labels": ["String"],
"log_provider": "String", "processed_time": 42, "correlation_uid": "String", "event_code": "String", "uid": "String",
"original_time": 42, "sequence": 42, "extensions": [{"uid": "String", "name": "String", "version": "String"}], "log_name": "String",
"log_level": "String", "tenant_uid": "String", "log_version": "String"}, "risk_level": "String", "risk_level_id": 42, "impact_id": 42,
"type_name": "String", "status_detail": "String", "confidence_id": 42, "class_name": "String", "raw_data": "String", "category_name": "String",
"duration": 42, "type_uid": 42, "remediation": {"references": ["String"], "kb_articles": [{"severity": "String", "product": {"uid": "String",
"path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String",
"vendor_name": "String", "lang": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42,
"name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42},
"avg_timespan": {"duration_days": 42, "duration": 42, "duration_hours": 42, "duration_weeks": 42, "duration_months": 42, "duration_years": 42,
"duration_secs": 42, "type_id": 42, "duration_mins": 42, "type": "String"}, "title": "String", "classification": "String", "uid": "String",
"install_state": "String", "is_superseded": true, "size": 42, "install_state_id": 42, "src_url": "String", "created_time": 42, "bulletin": "String"}],
"desc": "String"}, "confidence_score": 42, "observables": [{"name": "String", "reputation": {"score_id": 42, "score": "String", "provider": "String",
"base_score": 42.5}, "type_id": 42, "type": "String", "value": "String"}], "timezone_offset": 42, "risk_details": "String", "event_time": 42,
"start_time": 42, "category_uid": 42, "finding_info": {"kill_chain": {"phase": "String", "phase_id": 42}, "modified_time": 42, "last_seen_time": 42,
"types": ["String"], "title": "String", "uid": "String", "related_analytics": [{"uid": "String", "name": "String", "type_id": 42, "category": "String",
"type": "String", "version": "String", "desc": "String"}], "attacks": [{"tactics": {"uid": "String", "name": "String", "src_url": "String"},
"technique": {"uid": "String", "name": "String", "src_url": "String"}, "sub_technique": {"uid": "String", "name": "String", "src_url": "String"},
"version": "String"}], "first_seen_time": 42, "related_events": [{"type_uid": 42, "kill_chain": {"phase": "String", "phase_id": 42}, "uid": "String",
"observables": [{"name": "String", "reputation": {"score_id": 42, "score": "String", "provider": "String", "base_score": 42.5}, "type_id": 42,
"type": "String", "value": "String"}], "attacks": [{"tactics": {"uid": "String", "name": "String", "src_url": "String"}, "technique": {"uid": "String",
"name": "String", "src_url": "String"}, "sub_technique": {"uid": "String", "name": "String", "src_url": "String"}, "version": "String"}], "type": "String",
"product_uid": "String"}], "src_url": "String", "created_time": 42, "analytic": {"uid": "String", "name": "String", "type_id": 42, "category": "String",
"type": "String", "version": "String", "desc": "String"}, "product_uid": "String", "data_sources": ["String"], "desc": "String"}, "risk_score": 42,
"evidences": [{"container": {"network_driver": "String", "uid": "String", "orchestrator": "String", "image": {"uid": "String", "path": "String",
"name": "String", "tag": "String", "labels": ["String"]}, "size": 42, "name": "String", "runtime": "String", "tag": "String", "pod_uuid": "String",
"hash": {"value": "String", "algorithm": "String", "algorithm_id": 42}}, "data": "String", "databucket": {"modified_time": 42, "uid": "String",
"file": {"modified_time": 42, "security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String", "issuer_name": "String",
"company_name": "String", "digest": {"value": "String", "algorithm": "String", "algorithm_id": 42}, "developer_uid": "String", "created_time": 42,
"algorithm_id": 42, "algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region":
"String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42,
"risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "company_name": "String",
"accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String",
"ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String",
"type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object,
"cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42,
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String",
"latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42},
"domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String",
"type_id": 42, "type": "String", "labels": ["String"]}}, "mime_type": "String", "type": "String", "accessed_time": 42, "uid": "String",
"path": "String", "parent_folder": "String", "created_time": 42, "owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42,
"risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "product": {"uid": "String",
"path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String",
"vendor_name": "String", "lang": "String", "version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String",
"given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42,
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5,
"postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String",
"email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String",
"labels": ["String"]}}, "version": "String", "xattributes": {}, "fingerprints": [{"value": "String", "algorithm": "String", "algorithm_id": 42}],
"system": true, "size": 42, "name": "String", "type_id": 42, "attributes": 42, "desc": "String"}, "size": 42, "name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "created_time": 42, "type_id": 42, "desc": "String"},
"win_service": {"cmd_line": "String", "service_type": "String", "service_start_type_id": 42, "service_start_type": "String", "load_order_group": "String",
"version": "String", "service_category": "String", "labels": ["String"], "uid": "String", "service_start_name": "String", "service_error_control": "String",
"service_error_control_id": 42, "name": "String", "service_type_id": 42, "service_category_id": 42, "service_dependencies": ["String"]},
"dst_endpoint": {"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"],
"domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42,
"modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42,
"ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String",
"employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "agent": {"uid": "String", "uid_alt": 42, "name": "String",
"policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String", "version": "String", "group": {"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}, "desc": "String"}], "type_id": 42, "vendor_name": 42,
"type": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String",
"cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "interface_uid": "String",
"ip": "String", "intermediate_ips": ["String"], "svc_name": "String", "type": "String", "mac": "String", "instance_uid": "String", "type_uid": 42,
"hostname": "String", "vpc_uid": "String", "zone": "String", "port": 42, "domain": "String", "subnet_uid": "String", "name": "String", "vlan_uid": "String",
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String",
"latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "hw_info": {"cpu_type": "String",
"serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42, "physical_height": 42, "scale_factor": 42, "color_depth": 42,
"physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42, "cpu_bits": 42, "bios_manufacturer": "String", "bios_ver": "String",
"bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String", "keyboard_type": "String", "function_keys": 42,
"keyboard_subtype": 42}, "cpu_count": 42}, "interface_name": "String", "autonomous_system": {"number": 42, "name": "String"},
"proxy_endpoint": {"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"],
"domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42,
"modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42,
"ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String",
"employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "agent": {"uid": "String", "uid_alt": 42, "name": "String",
"policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String", "version": "String", "group": {"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}, "desc": "String"}], "type_id": 42, "vendor_name": 42,
"type": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String",
"cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "interface_uid": "String",
"ip": "String", "intermediate_ips": ["String"], "svc_name": "String", "type": "String", "mac": "String", "instance_uid": "String", "type_uid": 42,
"hostname": "String", "vpc_uid": "String", "zone": "String", "port": 42, "domain": "String", "subnet_uid": "String", "name": "String", "vlan_uid": "String",
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5,
"postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "hw_info": {"cpu_type": "String",
"serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42, "physical_height": 42, "scale_factor": 42, "color_depth": 42,
"physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42, "cpu_bits": 42, "bios_manufacturer": "String", "bios_ver": "String",
"bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String", "keyboard_type": "String", "function_keys": 42,
"keyboard_subtype": 42}, "cpu_count": 42}, "interface_name": "String", "autonomous_system": {"number": 42, "name": "String"}, "proxy_endpoint": Object}},
"url": {"path": "String", "hostname": "String", "category_ids": [42], "scheme": "String", "port": 42, "domain": "String",
"url_string": "String", "subdomain": "String", "categories": ["String"], "query_string": "String", "resource_type": "String"},
"actor": {"idp": {"uid": "String", "name": "String"}, "app_name": "String", "session": {"uid": "String", "credential_uid": "String", "expiration_time": 42,
"mfa": true, "created_time": 42, "uuid": {"most_significant_bits": 42, "least_significant_bits": 42}, "issuer": "String"},
"authorizations": [{"decision": "String", "policy": {"uid": "String", "name": "String", "is_applied": true, "type": "String",
"version": "String", "group": {"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String",
"desc": "String"}, "desc": "String"}}], "process_details": {"lineage": ["String"], "cmd_line": "String", "session": {"uid": "String",
"credential_uid": "String", "expiration_time": 42, "mfa": true, "created_time": 42, "uuid": {"most_significant_bits": 42, "least_significant_bits": 42},
"issuer": "String"}, "sandbox": "String", "pid": 42, "terminated_time": 42, "parent_process": Object, "tid": 42, "xattributes": {}, "uid": "String",
"integrity": "String", "file": {"modified_time": 42, "security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String",
"issuer_name": "String", "company_name": "String", "digest": {"value": "String", "algorithm": "String", "algorithm_id": 42}, "developer_uid": "String",
"created_time": 42, "algorithm_id": 42, "algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String", "risk_level": "String",
"uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String",
"given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"],
"last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String",
"country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String",
"geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String",
"name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"company_name": "String", "accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42,
"manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42,
"account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "mime_type": "String", "type": "String",
"accessed_time": 42, "uid": "String", "path": "String", "parent_folder": "String", "created_time": 42, "owner": {"credential_uid": "String",
"risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String",
"job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42,
"risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "product": {"uid": "String",
"path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String",
"vendor_name": "String", "lang": "String", "version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String",
"type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "version": "String",
"xattributes": {}, "fingerprints": [{"value": "String", "algorithm": "String", "algorithm_id": 42}], "system": true, "size": 42, "name": "String",
"type_id": 42, "attributes": 42, "desc": "String"}, "integrity_id": 42, "name": "String", "created_time": 42, "user": {"credential_uid": "String",
"risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String",
"job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"],
"last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String",
"country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String",
"geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String",
"email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String",
"labels": ["String"]}}, "loaded_modules": ["String"]}, "app_uid": "String", "user": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String",
"type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}},
"src_endpoint": {"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42,
"manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "agent": {"uid": "String", "uid_alt": 42, "name": "String",
"policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String", "version": "String", "group": {"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}, "desc": "String"}], "type_id": 42,
"vendor_name": 42, "type": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42,
"name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42},
"interface_uid": "String", "ip": "String", "intermediate_ips": ["String"], "svc_name": "String", "type": "String", "mac": "String", "instance_uid": "String",
"type_uid": 42, "hostname": "String", "vpc_uid": "String", "zone": "String", "port": 42, "domain": "String", "subnet_uid": "String", "name": "String",
"vlan_uid": "String", "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"hw_info": {"cpu_type": "String", "serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42, "physical_height": 42,
"scale_factor": 42, "color_depth": 42, "physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42, "cpu_bits": 42,
"bios_manufacturer": "String", "bios_ver": "String", "bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String",
"keyboard_type": "String", "function_keys": 42, "keyboard_subtype": 42}, "cpu_count": 42}, "interface_name": "String", "autonomous_system": {"number": 42,
"name": "String"}, "proxy_endpoint": {"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42,
"org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String",
"country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String",
"geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String",
"name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"agent": {"uid": "String", "uid_alt": 42, "name": "String", "policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String",
"version": "String", "group": {"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"},
"desc": "String"}], "type_id": 42, "vendor_name": 42, "type": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String",
"build": "String", "cpu_bits": 42, "name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String",
"version": "String", "sp_ver": 42}, "interface_uid": "String", "ip": "String", "intermediate_ips": ["String"], "svc_name": "String", "type": "String",
"mac": "String", "instance_uid": "String", "type_uid": 42, "hostname": "String", "vpc_uid": "String", "zone": "String", "port": 42, "domain": "String",
"subnet_uid": "String", "name": "String", "vlan_uid": "String", "location": {"continent": "String", "country": "String", "is_on_premises": true,
"provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String",
"longitude": 42.5, "desc": "String"}, "hw_info": {"cpu_type": "String", "serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42,
"physical_height": 42, "scale_factor": 42, "color_depth": 42, "physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42,
"cpu_bits": 42, "bios_manufacturer": "String", "bios_ver": "String", "bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String",
"keyboard_type": "String", "function_keys": 42, "keyboard_subtype": 42}, "cpu_count": 42}, "interface_name": "String", "autonomous_system": {"number": 42,
"name": "String"}, "proxy_endpoint": Object}}, "registry_key": {"is_system": true, "modified_time": 42, "path": "String", "security_descriptor": "String"},
"database": {"modified_time": 42, "uid": "String", "size": 42, "name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "created_time": 42, "type_id": 42, "type": "String", "desc": "String"}, "file": {"modified_time": 42,
"security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String", "issuer_name": "String", "company_name": "String",
"digest": {"value": "String", "algorithm": "String", "algorithm_id": 42}, "developer_uid": "String", "created_time": 42, "algorithm_id": 42,
"algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String",
"privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String",
"ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String",
"ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42,
"risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "company_name": "String",
"accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String",
"ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42,
"manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "mime_type": "String", "type": "String", "accessed_time": 42,
"uid": "String", "path": "String", "parent_folder": "String", "created_time": 42, "owner": {"credential_uid": "String", "risk_level": "String",
"uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String",
"uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String",
"job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"],
"last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String",
"country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String",
"geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String",
"name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String",
"url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String",
"uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String",
"uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String",
"job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"],
"last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42,
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5,
"postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String",
"email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String",
"labels": ["String"]}}, "version": "String", "xattributes": {}, "fingerprints": [{"value": "String", "algorithm": "String", "algorithm_id": 42}],
"system": true, "size": 42, "name": "String", "type_id": 42, "attributes": 42, "desc": "String"}, "dns_query": {"hostname": "String",
"quert_class": "String", "type": "String", "opcode": "String", "opcode_id": 42, "packet_uid": 42}, "registry_value": {"is_system": true,
"modified_time": 42, "path": "String", "security_descriptor": "String", "is_default": true, "data": "String", "name": "String", "type_id": 42,
"type": "String"}, "process_details": {"lineage": ["String"], "cmd_line": "String", "session": {"uid": "String", "credential_uid": "String",
"expiration_time": 42, "mfa": true, "created_time": 42, "uuid": {"most_significant_bits": 42, "least_significant_bits": 42}, "issuer": "String"},
"sandbox": "String", "pid": 42, "terminated_time": 42, "parent_process": Object, "tid": 42, "xattributes": {}, "uid": "String", "integrity": "String",
"file": {"modified_time": 42, "security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String", "issuer_name": "String",
"company_name": "String", "digest": {"value": "String", "algorithm": "String", "algorithm_id": 42}, "developer_uid": "String", "created_time": 42,
"algorithm_id": 42, "algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String", "risk_level": "String",
"uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String",
"job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42,
"office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String",
"is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42,
"risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "company_name": "String",
"accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String",
"ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String",
"type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object,
"cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42,
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5,
"postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String",
"email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String",
"labels": ["String"]}}, "mime_type": "String", "type": "String", "accessed_time": 42, "uid": "String", "path": "String", "parent_folder": "String",
"created_time": 42, "owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42,
"manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "product": {"uid": "String", "path": "String", "feature": {"uid": "String",
"name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String",
"version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String",
"name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String",
"name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42,
"manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String",
"isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"},
"deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String",
"name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "version": "String", "xattributes": {}, "fingerprints": [{"value": "String",
"algorithm": "String", "algorithm_id": 42}], "system": true, "size": 42, "name": "String", "type_id": 42, "attributes": 42, "desc": "String"},
"integrity_id": 42, "name": "String", "created_time": 42, "user": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String",
"given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42,
"location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String",
"latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42},
"domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String",
"type_id": 42, "type": "String", "labels": ["String"]}}, "loaded_modules": ["String"]}, "api": {"request": {"uid": "String", "data": "String",
"flags": ["String"], "containers": [{"network_driver": "String", "uid": "String", "orchestrator": "String", "image": {"uid": "String", "path": "String",
"name": "String", "tag": "String", "labels": ["String"]}, "size": 42, "name": "String", "runtime": "String", "tag": "String", "pod_uuid": "String",
"hash": {"value": "String", "algorithm": "String", "algorithm_id": 42}}]}, "response": {"uid": "String", "code": 42, "data": "String", "flags": ["String"],
"error_message": "String", "containers": [{"network_driver": "String", "uid": "String", "orchestrator": "String",
"image": {"uid": "String", "path": "String", "name": "String", "tag": "String", "labels": ["String"]}, "size": 42,
"name": "String", "runtime": "String", "tag": "String", "pod_uuid": "String", "hash": {"value": "String", "algorithm": "String", "algorithm_id": 42}}],
"message": "String", "error": "String"}, "service": {"uid": "String", "name": "String", "version": "String", "labels": ["String"]},
"version": "String", "operation": "String", "group": {"uid": "String", "privileges": ["String"], "domain": "String", "name": "String",
"type": "String", "desc": "String"}}, "job": {"cmd_line": "String", "uid": "String", "run_state_id": 42, "next_run_time": 42,
"last_run_time": 42, "file": {"modified_time": 42, "security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String",
"issuer_name": "String", "company_name": "String", "digest": {"value": "String", "algorithm": "String", "algorithm_id": 42},
"developer_uid": "String", "created_time": 42, "algorithm_id": 42, "algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String",
"risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String",
"given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String",
"longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String",
"type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"company_name": "String", "accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String",
"desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object,
"cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String",
"email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String",
"employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5,
"desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42,
"account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "mime_type": "String", "type": "String",
"accessed_time": 42, "uid": "String", "path": "String", "parent_folder": "String", "created_time": 42, "owner": {"credential_uid": "String",
"risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String",
"type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object,
"cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42,
"ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String",
"employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String",
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String",
"type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}},
"product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"},
"name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String",
"version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42,
"org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String",
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String",
"given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"],
"labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String",
"created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String",
"city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String",
"longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String",
"type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String",
"labels": ["String"]}}, "version": "String", "xattributes": {}, "fingerprints": [{"value": "String", "algorithm": "String", "algorithm_id": 42}],
"system": true, "size": 42, "name": "String", "type_id": 42, "attributes": 42, "desc": "String"}, "name": "String",
"created_time": 42, "user": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String",
"risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"},
"full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}],
"type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object,
"cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42,
"ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String",
"employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "run_state": "String", "desc": "String"}, "connection_info": {"boundary": "String", "uid": "String", "protocol_ver": "String", "boundary_id": 42, "protocol_name": "String", "protocol_num": 42, "direction_id": 42, "session": {"uid": "String", "credential_uid": "String", "expiration_time": 42, "mfa": true, "created_time": 42, "uuid": {"most_significant_bits": 42, "least_significant_bits": 42}, "issuer": "String"}, "tcp_flags": 42, "protocol_ver_id": 42, "direction": "String"}, "user": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, 
"desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "device": {"modified_time": 42, "subnet": "String", "risk_level": "String", "risk_level_id": 42, "interface_uid": "String", "type": "String", "mac": "String", "is_compliant": true, "instance_uid": "String", "uid": "String", "hostname": "String", "vpc_uid": "String", "zone": "String", "hypervisor": "String", "created_time": 42, "vlan_uid": "String", "agent_list": [{"uid": "String", "uid_alt": 42, "name": "String", "policies": [{"uid": "String", "name": "String", "is_applied": true, "type": "String", "version": "String", "group": {"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}, "desc": "String"}], "type_id": 42, "vendor_name": 42, "type": "String", "version": "String"}], "interface_name": "String", "risk_score": 42, "is_trusted": true, "owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": 
"String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "last_seen_time": 42, "boot_time": 42, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "uid_alt": "String", "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "ip": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "is_personal": true, "is_managed": true, "network_interfaces": [{"uid": "String", "hostname": "String", "subnet_prefix": 42, "ip": "String", "name": "String", "namespace": "String", "type_id": 42, "type": "String", "mac": "String"}], "autoscale_uid": "String", "first_seen_time": 42, "domain": "String", "subnet_uid": "String", "name": "String", "imei": "String", "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "type_id": 42, "hw_info": {"cpu_type": "String", "serial_number": "String", "cpu_speed": 42, "desktop_display": {"physical_width": 42, "physical_height": 42, "scale_factor": 42, "color_depth": 42, "physical_orientation": 42}, "chassis": "String", "ram_size": 42, "cpu_cores": 42, "cpu_bits": 42, "bios_manufacturer": "String", "bios_ver": "String", "bios_date": "String", "keyboard_info": {"ime": "String", "keyboard_layout": "String", "keyboard_type": "String", "function_keys": 42, "keyboard_subtype": 42}, "cpu_count": 42}, "region": "String", "desc": 
"String"}, "email": {"cc": ["String"], "smtp_to": "String", "subject": "String", "delivered_to": "String", "smtp_from": "String", "x_originating_ip": ["String"], "message_uid": "String", "uid": "String", "size": 42, "reply_to": "String", "from": "String", "to": ["String"], "raw_header": "String"}}], "severity_id": 42, "severity": "String", "malware": [{"classifications": ["String"], "uid": "String", "path": "String", "provider": "String", "name": "String", "classification_ids": [42], "cves": [{"modified_time": 42, "uid": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "cwe_uid": "String", "cwe_url": "String", "created_time": 42, "type": "String", "cvss": {"severity": "String", "depth": "String", "overall_score": 42.5, "metrics": [{"name": "String", "value": "String"}], "base_score": 42.5, "vector_string": "String", "version": "String"}}]}], "confidence": "String", "impact": "String", "count": 42, "activity_name": "String", "resources": [{"owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, 
"provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "uid": "String", "data": "String", "name": "String", "criticality": "String", "namespace": "String", "agent_list": ["String"], "type": "String", "version": "String", "group": {"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}}], "message": "String", "unmapped": {}, "acivity_id": 42, "status_id": 42, "vulnerabilities": [{"severity": "String", "last_seen_time": 42, "affected_packages": [{}], "references": ["String"], "is_exploit_available": true, "related_vulnerabilities": ["String"], "is_fix_available": true, "vendor_name": "String", "title": "String", "kb_article_list": [{"severity": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "avg_timespan": {"duration_days": 42, "duration": 42, "duration_hours": 42, "duration_weeks": 42, "duration_months": 42, "duration_years": 42, "duration_secs": 42, "type_id": 42, "duration_mins": 42, "type": "String"}, "title": "String", "classification": "String", "uid": "String", "install_state": "String", "is_superseded": true, "size": 42, "install_state_id": 42, "src_url": "String", "created_time": 42, "bulletin": "String"}], "cwe": {}, 
"remediation": {"references": ["String"], "kb_articles": [{"severity": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "avg_timespan": {"duration_days": 42, "duration": 42, "duration_hours": 42, "duration_weeks": 42, "duration_months": 42, "duration_years": 42, "duration_secs": 42, "type_id": 42, "duration_mins": 42, "type": "String"}, "title": "String", "classification": "String", "uid": "String", "install_state": "String", "is_superseded": true, "size": 42, "install_state_id": 42, "src_url": "String", "created_time": 42, "bulletin": "String"}], "desc": "String"}, "affected_code": [{"end_line": 42, "owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", 
"region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "remediation": {"references": ["String"], "kb_articles": [{"severity": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "os": {"country": "String", "sp_name": "String", "build": "String", "cpu_bits": 42, "name": "String", "cpe_name": "String", "edition": "String", "type_id": 42, "lang": "String", "type": "String", "version": "String", "sp_ver": 42}, "avg_timespan": {"duration_days": 42, "duration": 42, "duration_hours": 42, "duration_weeks": 42, "duration_months": 42, "duration_years": 42, "duration_secs": 42, "type_id": 42, "duration_mins": 42, "type": "String"}, "title": "String", "classification": "String", "uid": "String", "install_state": "String", "is_superseded": true, "size": 42, "install_state_id": 42, "src_url": "String", "created_time": 42, "bulletin": "String"}], "desc": "String"}, "file": {"modified_time": 42, "security_descriptor": "String", "confidentiality_id": 42, "signature": {"serial_number": "String", "issuer_name": "String", "company_name": "String", "digest": {"value": "String", "algorithm": "String", "algorithm_id": 42}, "developer_uid": "String", "created_time": 42, "algorithm_id": 42, "algorithm": "String"}, "confidentiality": "String", "modifier": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": 
"String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "company_name": "String", "accessor": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": 
"String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "mime_type": "String", "type": "String", "accessed_time": 42, "uid": "String", "path": "String", "parent_folder": "String", "created_time": 42, "owner": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", "groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "creator": {"credential_uid": "String", "risk_level": "String", "uid_alt": "String", "risk_level_id": 42, "org": {"uid": "String", "name": "String", "ou_uid": "String", "ou_name": "String"}, "full_name": "String", 
"groups": [{"uid": "String", "privileges": ["String"], "domain": "String", "name": "String", "type": "String", "desc": "String"}], "type": "String", "uid": "String", "ldap_person": {"leave_time": 42, "modified_time": 42, "manager": Object, "cost_center": "String", "given_name": "String", "job_title": "String", "ldap_cn": "String", "hire_time": 42, "ldap_dn": "String", "email_addrs": ["String"], "labels": ["String"], "last_login_time": 42, "office_location": "String", "surname": "String", "employee_uid": "String", "created_time": 42, "location": {"continent": "String", "country": "String", "is_on_premises": true, "provider": "String", "city": "String", "isp": "String", "latitude": 42.5, "postal_code": "String", "geohash": "String", "region": "String", "longitude": 42.5, "desc": "String"}, "deleted_time": 42}, "domain": "String", "email_addr": "String", "name": "String", "type_id": 42, "risk_score": 42, "account": {"uid": "String", "name": "String", "type_id": 42, "type": "String", "labels": ["String"]}}, "version": "String", "xattributes": {}, "fingerprints": [{"value": "String", "algorithm": "String", "algorithm_id": 42}], "system": true, "size": 42, "name": "String", "type_id": 42, "attributes": 42, "desc": "String"}, "start_line": 42}], "cve": {"modified_time": 42, "uid": "String", "product": {"uid": "String", "path": "String", "feature": {"uid": "String", "name": "String", "version": "String"}, "name": "String", "cpe_name": "String", "url_string": "String", "vendor_name": "String", "lang": "String", "version": "String"}, "cwe_uid": "String", "cwe_url": "String", "created_time": 42, "type": "String", "cvss": {"severity": "String", "depth": "String", "overall_score": 42.5, "metrics": [{"name": "String", "value": "String"}], "base_score": 42.5, "vector_string": "String", "version": "String"}}, "first_seen_time": 42, "desc": "String"}], "comment": "String", "end_time": 42, "impact_score": 42, "class_uid": 42, "enrichments": [{"data": "String", "provider": "String", 
"name": "String", "reputation": {"score_id": 42, "score": "String", "provider": "String", "base_score": 42.5}, "src_url": "String", "created_time": 42, "short_desc": "String", "type": "String", "value": "String", "desc": "String"}], "status": "String", "status_code": "String"}]