Network Connection Information

network_connection_info

The Network Connection Information object describes characteristics of an OSI Transport Layer communication, including TCP and UDP.

Attributes

Caption	Name	Type	Description
Boundary	`boundary`	String	The boundary of the connection, normalized to the caption of 'boundary_id'. In the case of 'Other', it is defined by the event source. For cloud connections, this translates to the traffic-boundary(same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External.
Boundary ID	`boundary_id`	Integer	The normalized identifier of the boundary of the connection. For cloud connections, this translates to the traffic-boundary (same VPC, through IGW, etc.). For traditional networks, this is described as Local, Internal, or External. `0`: Unknown (`UNKNOWN`) `1`: Localhost (`LOCALHOST`) `2`: Internal (`INTERNAL`) `3`: External (`EXTERNAL`) `4`: Same VPC (`SAME_VPC`) `5`: Internet/VPC Gateway (`INTERNET/VPC_GATEWAY`) `6`: Virtual Private Gateway (`VIRTUAL_PRIVATE_GATEWAY`) `7`: Intra-region VPC (`INTRA_REGION_VPC`) `8`: Inter-region VPC (`INTER_REGION_VPC`) `9`: Local Gateway (`LOCAL_GATEWAY`) `10`: Gateway VPC (`GATEWAY_VPC`) `11`: Internet Gateway (`INTERNET_GATEWAY`) `99`: Other (`OTHER`)
Community ID	`community_uid`	String	The Community ID of the network connection.
Direction	`direction`	String	The direction of the initiated connection, traffic, or email, normalized to the caption of the direction_id value. In the case of 'Other', it is defined by the event source.
Direction ID	`direction_id`	Integer	The normalized identifier of the direction of the initiated connection, traffic, or email. `0`: Unknown (`UNKNOWN`) `1`: Inbound (`INBOUND`) `2`: Outbound (`OUTBOUND`) `3`: Lateral (`LATERAL`) `99`: Other (`OTHER`)
Connection Flag History	`flag_history`	String	The Connection Flag History summarizes events in a network connection. For example flags ShAD representing SYN, SYN/ACK, ACK and Data exchange.
Protocol Name	`protocol_name`	String	The IP protocol name in lowercase, as defined by the Internet Assigned Numbers Authority (IANA). For example: tcp or udp.
Protocol Number	`protocol_num`	Integer	The IP protocol number, as defined by the Internet Assigned Numbers Authority (IANA). For example: 6 for TCP and 17 for UDP.
IP Version	`protocol_ver`	String	The Internet Protocol version.
IP Version ID	`protocol_ver_id`	Integer	The Internet Protocol version identifier. `0`: Unknown (`UNKNOWN`) `4`: Internet Protocol version 4 (IPv4) (`INTERNET_PROTOCOL_VERSION_4_(IPV4)`) `6`: Internet Protocol version 6 (IPv6) (`INTERNET_PROTOCOL_VERSION_6_(IPV6)`) `99`: Other (`OTHER`)
Raw Data	`raw_data`	JSON	Group:`context` The event data as received from the event source.
Record ID	`record_id`	String	Group:`primary` Unique identifier for the object
Session	`session`	Session[]	The authenticated user or service session.
TCP Flags	`tcp_flags`	Integer	The network connection TCP header flags (i.e., control bits).
Connection UID	`uid`	String	The unique identifier of the connection.
Unmapped	`unmapped`	Unmapped[]	Data from the source that was not mapped into the schema.

Relationships

Inbound Relationships

These objects and events reference Network Connection Information in their attributes:

Outbound Relationships

Network Connection Information references the following objects and events in its attributes:

This page describes qdm-1.5.1+ocsf-1.6.0