Artifact

Information about an artifact. The artifact can only be an IP.

JSON representation

JSON representation
{"ip":string,"prevalence":{object (`Prevalence`)},"firstSeenTime":string,"lastSeenTime":string,"location":{object (`Location`)},"network":{object (`Network`)},"asOwner":string,"asn":string,"jarm":string,"lastHttpsCertificate":{object (`SSLCertificate`)},"lastHttpsCertificateDate":string,"regionalInternetRegistry":string,"tags":[string],"whois":string,"whoisDate":string,"tunnels":[{object (`Tunnels`)}],"anonymous":boolean,"artifactClient":{object (`ArtifactClient`)},"risks":[string]}

{"ip":string,"prevalence":{object (Prevalence)},"firstSeenTime":string,"lastSeenTime":string,"location":{object (Location)},"network":{object (Network)},"asOwner":string,"asn":string,"jarm":string,"lastHttpsCertificate":{object (SSLCertificate)},"lastHttpsCertificateDate":string,"regionalInternetRegistry":string,"tags":[string],"whois":string,"whoisDate":string,"tunnels":[{object (Tunnels)}],"anonymous":boolean,"artifactClient":{object (ArtifactClient)},"risks":[string]}

Fields
`ip`	`string` IP address of the artifact. This field can be used as an entity indicator for an external destination IP entity.
`prevalence`	`object (Prevalence)` The prevalence of the artifact within the customer's environment.
`firstSeenTime`	`string (Timestamp format)` First seen timestamp of the IP in the customer's environment. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:`"2014-10-02T15:01:23Z"`,`"2014-10-02T15:01:23.045123456Z"` or`"2014-10-02T15:01:23+05:30"`.
`lastSeenTime`	`string (Timestamp format)` Last seen timestamp of the IP address in the customer's environment. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:`"2014-10-02T15:01:23Z"`,`"2014-10-02T15:01:23.045123456Z"` or`"2014-10-02T15:01:23+05:30"`.
`location`	`object (Location)` Location of the Artifact's IP address.
`network`	`object (Network)` Network information related to the Artifact's IP address.
`asOwner`	`string` Owner of the Autonomous System to which the IP address belongs.
`asn`	`string (int64 format)` Autonomous System Number to which the IP address belongs.
`jarm`	`string` The JARM hash for the IP address. (https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a).
`lastHttpsCertificate`	`object (SSLCertificate)` SSL certificate information about the IP address.
`lastHttpsCertificateDate`	`string (Timestamp format)` Most recent date for the certificate in VirusTotal. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:`"2014-10-02T15:01:23Z"`,`"2014-10-02T15:01:23.045123456Z"` or`"2014-10-02T15:01:23+05:30"`.
`regionalInternetRegistry`	`string` RIR (one of the current RIRs: AFRINIC, ARIN, APNIC, LACNIC or RIPE NCC).
`tags[]`	`string` Identification attributes
`whois`	`string` WHOIS information as returned from the pertinent WHOIS server.
`whoisDate`	`string (Timestamp format)` Date of the last update of the WHOIS record in VirusTotal. Uses RFC 3339, where generated output will always be Z-normalized and use 0, 3, 6 or 9 fractional digits. Offsets other than "Z" are also accepted. Examples:`"2014-10-02T15:01:23Z"`,`"2014-10-02T15:01:23.045123456Z"` or`"2014-10-02T15:01:23+05:30"`.
`tunnels[]`	`object (Tunnels)` VPN tunnels.
`anonymous`	`boolean` Whether the VPN tunnels are configured for anonymous browsing or not.
`artifactClient`	`object (ArtifactClient)` Entity or software accessing or utilizing network resources.
`risks[]`	`string` This field lists potential risks associated with the network activity.

Tunnels

VPN tunnels.

JSON representation
{"provider":string,"type":string}

Fields

Fields
`provider`	`string` The provider of the VPN tunnels being used.
`type`	`string` The type of the VPN tunnels.

provider

string

The provider of the VPN tunnels being used.

type

string

The type of the VPN tunnels.

ArtifactClient

Entity or software accessing or utilizing network resources.

JSON representation
{"behaviors":[string],"proxies":[string]}

Fields

Fields
`behaviors[]`	`string` The behaviors of the client accessing the network.
`proxies[]`	`string` The type of proxies used by the client.

behaviors[]

string

The behaviors of the client accessing the network.

proxies[]

string

The type of proxies used by the client.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-19 UTC.

Movatterモバイル変換

Artifact Stay organized with collections Save and categorize content based on your preferences.

Tunnels

ArtifactClient

Artifact