Network Connection Information

network_connection_info

The Network Connection Information object describes characteristics of an OSI Transport Layer communication, including TCP and UDP.

Attributes

Caption	Name	Type	Description
Boundary	`boundary`	String	The boundary of the connection, normalized to the caption of 'boundary_id'. In the case of 'Other', it is defined by the event source. For cloud connections, this translates to the traffic-boundary(same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External.
Boundary ID	`boundary_id`	Integer	The normalized identifier of the boundary of the connection. For cloud connections, this translates to the traffic-boundary (same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External. `0`: Unknown (`UNKNOWN`) `1`: Localhost (`LOCALHOST`) `2`: Internal (`INTERNAL`) `3`: External (`EXTERNAL`) `4`: Same VPC (`SAME_VPC`) `5`: Internet/VPC Gateway (`INTERNET/VPC_GATEWAY`) `6`: Virtual Private Gateway (`VIRTUAL_PRIVATE_GATEWAY`) `7`: Intra-region VPC (`INTRA_REGION_VPC`) `8`: Inter-region VPC (`INTER_REGION_VPC`) `9`: Local Gateway (`LOCAL_GATEWAY`) `10`: Gateway VPC (`GATEWAY_VPC`) `11`: Internet Gateway (`INTERNET_GATEWAY`) `99`: Other (`OTHER`)
Community ID	`community_uid`	String	The Community ID of the network connection.
Direction	`direction`	String	The direction of the initiated connection, traffic, or email, normalized to the caption of the direction_id value. In the case of 'Other', it is defined by the event source.
Direction ID	`direction_id`	Integer	The normalized identifier of the direction of the initiated connection, traffic, or email. `0`: Unknown (`UNKNOWN`) `1`: Inbound (`INBOUND`) `2`: Outbound (`OUTBOUND`) `3`: Lateral (`LATERAL`) `99`: Other (`OTHER`)
Connection Flag History	`flag_history`	String	The Connection Flag History summarizes events in a network connection. For example flags ShAD representing SYN, SYN/ACK, ACK and Data exchange.
Protocol Name	`protocol_name`	String	The IP protocol name in lowercase, as defined by the Internet Assigned Numbers Authority (IANA). For example: tcp or udp.
Protocol Number	`protocol_num`	Integer	The IP protocol number, as defined by the Internet Assigned Numbers Authority (IANA). For example: 6 for TCP and 17 for UDP.
IP Version	`protocol_ver`	String	The Internet Protocol version.
IP Version ID	`protocol_ver_id`	Integer	The Internet Protocol version identifier. `0`: Unknown (`UNKNOWN`) `4`: Internet Protocol version 4 (IPv4) (`INTERNET_PROTOCOL_VERSION_4_(IPV4)`) `6`: Internet Protocol version 6 (IPv6) (`INTERNET_PROTOCOL_VERSION_6_(IPV6)`) `99`: Other (`OTHER`)
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Session	`session`	Session[]	The authenticated user or service session.
TCP Flags	`tcp_flags`	Integer	The network connection TCP header flags (i.e., control bits).
Connection UID	`uid`	String	The unique identifier of the connection.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Network Connection Information shown in context

Inbound Relationships

These objects and events reference Network Connection Information in their attributes:

Outbound Relationships

Network Connection Information references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0