Network Connection Information

The Network Connection Information object describes characteristics of a network connection. Defined by D3FEND d3f:NetworkSession.

Attributes

Caption Name Type Description
Boundary boundary String The boundary of the connection, normalized to the caption of 'boundary_id'. In the case of 'Other', it is defined by the event source.

For cloud connections, this translates to the traffic-boundary (same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External.

Boundary ID boundary_id Integer The normalized identifier of the boundary of the connection.

For cloud connections, this translates to the traffic-boundary (same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External.

  • 0: Unknown (UNKNOWN)
  • 1: Localhost (LOCALHOST)
  • 2: Internal (INTERNAL)
  • 3: External (EXTERNAL)
  • 4: Same VPC (SAME_VPC)
  • 5: Internet/VPC Gateway (INTERNET/VPC_GATEWAY)
  • 6: Virtual Private Gateway (VIRTUAL_PRIVATE_GATEWAY)
  • 7: Intra-region VPC (INTRA-REGION_VPC)
  • 8: Inter-region VPC (INTER-REGION_VPC)
  • 9: Local Gateway (LOCAL_GATEWAY)
  • 10: Gateway VPC (GATEWAY_VPC)
  • 11: Internet Gateway (INTERNET_GATEWAY)
  • 99: Other (OTHER)
Direction direction String The direction of the initiated connection, traffic, or email, normalized to the caption of the direction_id value. In the case of 'Other', it is defined by the event source.
Direction ID direction_id Integer The normalized identifier of the direction of the initiated connection, traffic, or email.
  • 0: Unknown (UNKNOWN)
  • 1: Inbound (INBOUND)
  • 2: Outbound (OUTBOUND)
  • 3: Lateral (LATERAL)
  • 99: Other (OTHER)
Protocol Name protocol_name String The TCP/IP protocol name in lowercase, as defined by the Internet Assigned Numbers Authority (IANA). See Protocol Numbers. For example: tcp or udp.
Protocol Number protocol_num Integer The TCP/IP protocol number, as defined by the Internet Assigned Numbers Authority (IANA). Use -1 if the protocol is not defined by IANA. See Protocol Numbers. For example: 6 for TCP and 17 for UDP.
IP Version protocol_ver String The Internet Protocol version.
IP Version ID protocol_ver_id Integer The Internet Protocol version identifier.
  • 0: Unknown (UNKNOWN)
  • 4: Internet Protocol version 4 (IPv4) (INTERNET_PROTOCOL_VERSION_4_(IPV4))
  • 6: Internet Protocol version 6 (IPv6) (INTERNET_PROTOCOL_VERSION_6_(IPV6))
  • 99: Other (OTHER)
Raw Data raw_data JSON The event data as received from the event source.
Record ID record_id String Unique identifier for the object.
Session session Session[] The authenticated user or service session.
TCP Flags tcp_flags Integer The network connection TCP header flags (i.e., control bits).
Connection UID uid String The unique identifier of the connection.
Unmapped Data unmapped Unmapped[] The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.
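
The rules in the attribute table (string captions normalized to their ID values, 'Other' defined by the event source, -1 for protocols not defined by IANA) can be checked mechanically before a record enters a detection pipeline. The following is an added example, not code from the schema project; check_caption, check_connection and the sample records are hypothetical, and the TCP-only rule for tcp_flags is an assumption drawn from its description.

```python
# Added example: consistency checks built from the enumerations listed above.
BOUNDARY = {0: "Unknown", 1: "Localhost", 2: "Internal", 3: "External",
            4: "Same VPC", 5: "Internet/VPC Gateway",
            6: "Virtual Private Gateway", 7: "Intra-region VPC",
            8: "Inter-region VPC", 9: "Local Gateway", 10: "Gateway VPC",
            11: "Internet Gateway", 99: "Other"}
DIRECTION = {0: "Unknown", 1: "Inbound", 2: "Outbound", 3: "Lateral", 99: "Other"}
IP_VERSION_IDS = {0, 4, 6, 99}
PROTOCOLS = {"tcp": 6, "udp": 17}  # only the pairs the page gives as examples

def check_caption(obj, name, captions, problems):
    """Validate <name>_id and that the sibling string is its caption."""
    ident, caption = obj.get(name + "_id"), obj.get(name)
    if ident is None:
        return
    if ident not in captions:
        problems.append(f"{name}_id {ident} is not a defined value")
    elif ident == 99 and not caption:
        # 'Other': the caption is defined by the event source, so it must exist.
        problems.append(f"{name}_id is 99 (Other) but {name} is empty")
    elif ident != 99 and caption is not None and caption != captions[ident]:
        problems.append(f"{name} {caption!r} should be {captions[ident]!r}")

def check_connection(obj):
    """Return a list of problems found in one connection object (a dict)."""
    problems = []
    check_caption(obj, "boundary", BOUNDARY, problems)
    check_caption(obj, "direction", DIRECTION, problems)
    ver = obj.get("protocol_ver_id")
    if ver is not None and ver not in IP_VERSION_IDS:
        problems.append(f"protocol_ver_id {ver} is not a defined value")
    name, num = obj.get("protocol_name"), obj.get("protocol_num")
    if name is not None and name != name.lower():
        problems.append(f"protocol_name {name!r} must be lowercase")
    if num is not None and not -1 <= num <= 255:
        problems.append(f"protocol_num {num} is neither -1 nor an IANA number")
    if name is not None and num is not None and PROTOCOLS.get(name.lower(), num) != num:
        problems.append(f"protocol_num {num} does not match {name.lower()}")
    # Assumption: TCP header flags only make sense when protocol_num is 6.
    if obj.get("tcp_flags") is not None and num not in (None, 6):
        problems.append("tcp_flags present on a non-TCP connection")
    return problems

# Constructed sample records, not real telemetry.
GOOD = {"boundary_id": 4, "boundary": "Same VPC", "direction_id": 2,
        "direction": "Outbound", "protocol_name": "tcp", "protocol_num": 6,
        "protocol_ver_id": 4, "tcp_flags": 18}
BAD = {"boundary_id": 3, "boundary": "Internal", "direction_id": 99,
       "protocol_name": "UDP", "protocol_num": 6, "protocol_ver_id": 5}
```
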

Relationships

Network Connection Information shown in context

Inbound Relationships

These objects and events reference Network Connection Information in their attributes:

Outbound Relationships

Network Connection Information references the following objects and events in its attributes:

This page describes qdm-1.3.2+ocsf-1.3.0