Network Endpoint
The network endpoint object describes the source or destination of a network connection.
Attributes
Caption | Name | Type | Description |
---|---|---|---|
Agent List | agent_list | Agent[] | A list of agent objects associated with a device, endpoint, or resource. |
Autonomous System | autonomous_system | Autonomous System[] | The Autonomous System details associated with an IP address. |
Container | container | Container[] | The information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd. |
Domain | domain | String | The name of the domain. |
Hostname | hostname | Hostname | The fully qualified name of the endpoint. |
Hardware Info | hw_info | Device Hardware Info[] | The endpoint hardware information. |
Instance ID | instance_uid | String | The unique identifier of a VM instance. |
Network Interface Name | interface_name | String | The name of the network interface (e.g. eth2). |
Network Interface ID | interface_uid | String | The unique identifier of the network interface. |
Intermediate IP Addresses | intermediate_ips | IP Address[] | The intermediate IP addresses. For example, the IP addresses in the HTTP X-Forwarded-For header. |
IP Address | ip | IP Address | The IP address of the endpoint, in either IPv4 or IPv6 format. |
IP Intelligence | ip_intelligence | IP Threat Intelligence[] | Insights from threat intelligence platforms about an IP address. |
Geo Location | location | Geo Location[] | The geographical location of the endpoint. |
MAC Address | mac | MAC Address | The Media Access Control (MAC) address of the endpoint. |
Name | name | String | The short name of the endpoint. |
Namespace PID | namespace_pid | Integer | If running under a process namespace (such as in a container), the process identifier within that process namespace. |
OS | os | Operating System (OS)[] | The endpoint operating system. |
Owner | owner | User[] | The identity of the service or user account that owns the endpoint or was last logged into it. |
Port | port | Port | The port used for communication within the network connection. |
Proxy Endpoint | proxy_endpoint | Network Proxy Endpoint[] | The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT). |
Raw Data | raw_data | JSON | The event data as received from the event source. |
Record ID | record_id | String | Unique identifier for the object. |
Reputation Scores | reputation | Reputation[] | Contains the original and normalized reputation scores. |
Subnet UID | subnet_uid | String | The unique identifier of a virtual subnet. |
Service Name | svc_name | String | The service name in service-to-service connections. For example, in AWS VPC logs, the pkt-src-aws-service and pkt-dst-aws-service fields identify that the connection is coming from or going to an AWS service. |
Type | type | String | The network endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other. |
Type ID | type_id | Integer | The network endpoint type ID. |
Unique ID | uid | String | The unique identifier of the endpoint. |
Unmapped Data | unmapped | Unmapped[] | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
VLAN | vlan_uid | String | The Virtual LAN identifier. |
VPC UID | vpc_uid | String | The unique identifier of the Virtual Private Cloud (VPC). |
Network Zone | zone | String | The network zone or LAN segment. |
Relationships
Inbound Relationships
These objects and events reference Network Endpoint in their attributes:
- Endpoint Connection
- API Activity
- Network Activity
- Network File Activity
- RDP Activity
- SMB Activity
- Web Resources Activity
- Entity Management
- Windows Evidence Artifacts
- Account Change
- Load Balancer
- HTTP Activity
- Authorize Session
- File Hosting Activity
- Group Management
- Web Resource Access Activity
- SSH Activity
- Event Log Activity
- Datastore Activity
- Email Activity
- Tunnel Activity
- Data Security Finding
- User Access Management
- FTP Activity
- NTP Activity
- Identity & Access Management
- DHCP Activity
- Authentication
- DNS Activity
- Network
Outbound Relationships
Network Endpoint references the following objects and events in its attributes:
- Unmapped
- Geo Location
- Network Proxy Endpoint
- Autonomous System
- Agent
- User
- Reputation
- Container
- Device Hardware Info
- Operating System (OS)
- IP Threat Intelligence
This page describes qdm-1.3.2+ocsf-1.3.0