Network Endpoint
network_endpoint
The network endpoint object describes source or destination of a network connection.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Agent List | agent_list |
Agent[] |
A list of agent objects associated with a device, endpoint, or resource.
|
| Autonomous System | autonomous_system |
Autonomous System[] | The Autonomous System details associated with an IP address. |
| Container | container |
Container[] |
Entity:CONTAINERGroup: contextThe information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd. |
| Domain | domain |
String | The name of the domain that the endpoint belongs to or that corresponds to the endpoint. |
| Hostname | hostname |
Hostname |
Entity:HOSTNAMEThe fully qualified name of the endpoint. |
| Hardware Info | hw_info |
Device Hardware Info[] | The endpoint hardware information. |
| Instance ID | instance_uid |
String | The unique identifier of a VM instance. |
| Network Interface Name | interface_name |
String | The name of the network interface (e.g. eth2). |
| Network Interface ID | interface_uid |
String | The unique identifier of the network interface. |
| Intermediate IP Addresses | intermediate_ips |
IP Address[] |
Entity:IP_ADDRESSThe intermediate IP Addresses. For example, the IP addresses in the HTTP X-Forwarded-For header. |
| IP Address | ip |
IP Address |
Entity:IP_ADDRESSThe IP address of the endpoint, in either IPv4 or IPv6 format. |
| IP Intelligence | ip_intelligence |
IP Threat Intelligence[] | Insights from threat intelligence platforms about IP Address |
| Geo Location | location |
Geo Location[] |
Entity:GEO_LOCATIONThe geographical location of the endpoint. |
| MAC Address | mac |
MAC Address |
Entity:MAC_ADDRESSThe Media Access Control (MAC) address of the endpoint. |
| Name | name |
String | The short name of the endpoint. |
| Namespace PID | namespace_pid |
Integer |
Group:contextIf running under a process namespace (such as in a container), the process identifier within that process namespace. |
| OS | os |
Operating System (OS)[] | The endpoint operating system. |
| Owner | owner |
User[] |
Entity:USERThe identity of the service or user account that owns the endpoint or was last logged into it. |
| Port | port |
Port |
Entity:PORTThe port used for communication within the network connection. |
| Proxy Endpoint | proxy_endpoint |
Network Proxy Endpoint[] | The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT). |
| Raw Data | raw_data |
JSON |
Group:contextThe event data as received from the event source. |
| Record ID | record_id |
String |
Group:primaryUnique identifier for the object |
| Subnet UID | subnet_uid |
String | The unique identifier of a virtual subnet. |
| Service Name | svc_name |
String | The service name in service-to-service connections. For example, AWS VPC logs the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection is coming from or going to an AWS service. |
| Type | type |
String |
The network endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other.
|
| Type ID | type_id |
Integer |
The network endpoint type ID.
|
| Unique ID | uid |
String | The unique identifier of the endpoint. |
| Unmapped | unmapped |
Unmapped[] | Data from the source that was not mapped into the schema. |
| VLAN | vlan_uid |
String | The Virtual LAN identifier. |
| VPC UID | vpc_uid |
String | The unique identifier of the Virtual Private Cloud (VPC). |
| Network Zone | zone |
String | The network zone or LAN segment. |
Relationships
Inbound Relationships
These objects and events reference Network Endpoint in their attributes:
- RDP Activity
- Load Balancer
- Authorize Session
- Web Resource Access Activity
- Evidence Artifacts
- HTTP Activity
- Entity Management
- Datastore Activity
- DNS Activity
- FTP Activity
- Web Resources Activity
- Data Security Finding
- File Hosting Activity
- Tunnel Activity
- Authentication
- User Access Management
- SMB Activity
- API Activity
- Network
- DHCP Activity
- Drone Flights Activity
- Group Management
- Airborne Broadcast Activity
- SSH Activity
- Unmanned Systems
- NTP Activity
- Network Activity
- Network File Activity
- Endpoint Connection
- Account Change
- Email Activity
- Identity & Access Management
- Event Log Activity
Outbound Relationships
Network Endpoint references the following objects and events in its attributes:
- IP Threat Intelligence
- Agent
- Device Hardware Info
- Container
- Network Proxy Endpoint
- Autonomous System
- Unmapped
- Geo Location
- Operating System (OS)
- User
This page describes ocsf-1.4.0
Updated 3 days ago