Endpoint
endpoint
The Endpoint object describes a physical or virtual device that connects to and exchanges information with a computer network. Some examples of endpoints are mobile devices, desktop computers, virtual machines, embedded devices, and servers. Internet-of-Things devices—like cameras, lighting, refrigerators, security systems, smart speakers, and thermostats—are also endpoints.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Agent List | agent_list | Agent[] | A list of agent objects associated with a device, endpoint, or resource. |
| Container | container | Container[] | Entity:CONTAINERGroup: contextThe information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd. |
| Domain | domain | String | The name of the domain that the endpoint belongs to or that corresponds to the endpoint. |
| Hostname | hostname | Hostname | Entity:HOSTNAMEThe fully qualified name of the endpoint. |
| Hardware Info | hw_info | Device Hardware Info[] | The endpoint hardware information. |
| Instance ID | instance_uid | String | The unique identifier of a VM instance. |
| Network Interface Name | interface_name | String | The name of the network interface (e.g. eth2). |
| Network Interface ID | interface_uid | String | The unique identifier of the network interface. |
| IP Address | ip | IP Address | Entity:IP_ADDRESSThe IP address of the endpoint, in either IPv4 or IPv6 format. |
| Geo Location | location | Geo Location[] | Entity:GEO_LOCATIONThe geographical location of the endpoint. |
| MAC Address | mac | MAC Address | Entity:MAC_ADDRESSThe Media Access Control (MAC) address of the endpoint. |
| Name | name | String | The short name of the endpoint. |
| Namespace PID | namespace_pid | Integer | Group:contextIf running under a process namespace (such as in a container), the process identifier within that process namespace. |
| OS | os | Operating System (OS)[] | The endpoint operating system. |
| Owner | owner | User[] | Entity:USERThe identity of the service or user account that owns the endpoint or was last logged into it. |
| Raw Data | raw_data | JSON | Group:contextThe event data as received from the event source. |
| Record ID | record_id | String | Group:primaryUnique identifier for the object |
| Subnet UID | subnet_uid | String | The unique identifier of a virtual subnet. |
| Type | type | String | The endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other. |
| Type ID | type_id | Integer | The endpoint type ID.
|
| Unique ID | uid | String | The unique identifier of the endpoint. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| VLAN | vlan_uid | String | The Virtual LAN identifier. |
| VPC UID | vpc_uid | String | The unique identifier of the Virtual Private Cloud (VPC). |
| Network Zone | zone | String | The network zone or LAN segment. |
Relationships
Outbound Relationships
Endpoint references the following objects and events in its attributes:
This page describes qdm-1.5.1+ocsf-1.6.0