Endpoint

The Endpoint object describes a physical or virtual device that connects to and exchanges information with a computer network. Some examples of endpoints are mobile devices, desktop computers, virtual machines, embedded devices, and servers. Internet-of-Things devices—like cameras, lighting, refrigerators, security systems, smart speakers, and thermostats—are also endpoints.

Attributes

Caption	Name	Type	Description
Agent List	`agent_list`	Agent[]	A list of `agent` objects associated with a device, endpoint, or resource.
Container	`container`	Container[]	The information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.
Domain	`domain`	String	The name of the domain.
Hostname	`hostname`	Hostname	The fully qualified name of the endpoint.
Hardware Info	`hw_info`	Device Hardware Info[]	The endpoint hardware information.
Instance ID	`instance_uid`	String	The unique identifier of a VM instance.
Network Interface Name	`interface_name`	String	The name of the network interface (e.g. eth2).
Network Interface ID	`interface_uid`	String	The unique identifier of the network interface.
IP Address	`ip`	IP Address	The IP address of the endpoint, in either IPv4 or IPv6 format.
Geo Location	`location`	Geo Location[]	The geographical location of the endpoint.
MAC Address	`mac`	MAC Address	The Media Access Control (MAC) address of the endpoint.
Name	`name`	String	The short name of the endpoint.
Namespace PID	`namespace_pid`	Integer	If running under a process namespace (such as in a container), the process identifier within that process namespace.
OS	`os`	Operating System (OS)[]	The endpoint operating system.
Owner	`owner`	User[]	The identity of the service or user account that owns the endpoint or was last logged into it.
Raw Data	`raw_data`	JSON	The event data as received from the event source.
Record ID	`record_id`	String	Unique identifier for the object
Reputation Scores	`reputation`	Reputation[]	Contains the original and normalized reputation scores. 🚧 WARNING: DEPRECATED Reputation Scores has been deprecated since 1.1.0. Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0
Subnet UID	`subnet_uid`	String	The unique identifier of a virtual subnet.
Type	`type`	String	The endpoint type. For example: `unknown`, `server`, `desktop`, `laptop`, `tablet`, `mobile`, `virtual`, `browser`, or `other`.
Type ID	`type_id`	Integer	The endpoint type ID. `0`: Unknown (`UNKNOWN`) `1`: Server (`SERVER`) `10`: Switch (`SWITCH`) `11`: Hub (`HUB`) `12`: Router (`ROUTER`) `13`: IDS (`IDS`) `14`: IPS (`IPS`) `15`: Load Balancer (`LOAD_BALANCER`) `2`: Desktop (`DESKTOP`) `3`: Laptop (`LAPTOP`) `4`: Tablet (`TABLET`) `5`: Mobile (`MOBILE`) `6`: Virtual (`VIRTUAL`) `7`: IOT (`IOT`) `8`: Browser (`BROWSER`) `9`: Firewall (`FIREWALL`) `99`: Other (`OTHER`)
Unique ID	`uid`	String	The unique identifier of the endpoint.
Unmapped Data	`unmapped`	Unmapped[]	The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
VLAN	`vlan_uid`	String	The Virtual LAN identifier.
VPC UID	`vpc_uid`	String	The unique identifier of the Virtual Private Cloud (VPC).
Network Zone	`zone`	String	The network zone or LAN segment.

Relationships

Outbound Relationships

Endpoint references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0