Network Endpoint
network_endpoint
The network endpoint object describes source or destination of a network connection.
Attributes
| Caption | Name | Type | Description |
|---|---|---|---|
| Agent List | agent_list | Agent[] | A list of |
| Autonomous System | autonomous_system | Autonomous System[] | The Autonomous System details associated with an IP address. |
| Container | container | Container[] | Entity: |
| Domain | domain | String | The name of the domain that the endpoint belongs to or that corresponds to the endpoint. |
| Hostname | hostname | Hostname | Entity: |
| Hardware Info | hw_info | Device Hardware Info[] | The endpoint hardware information. |
| Instance ID | instance_uid | String | The unique identifier of a VM instance. |
| Network Interface Name | interface_name | String | The name of the network interface (e.g. eth2). |
| Network Interface ID | interface_uid | String | The unique identifier of the network interface. |
| Intermediate IP Addresses | intermediate_ips | IP Address[] | Entity: |
| IP Address | ip | IP Address | Entity: |
| IP Intelligence | ip_intelligence | IP Threat Intelligence[] | Insights from threat intelligence platforms about IP Address |
| Geo Location | location | Geo Location[] | Entity: |
| MAC Address | mac | MAC Address | Entity: |
| Name | name | String | The short name of the endpoint. |
| Namespace PID | namespace_pid | Integer | Group: |
| OS | os | Operating System (OS)[] | The endpoint operating system. |
| Owner | owner | User[] | Entity: |
| Port | port | Port | Entity: |
| Proxy Endpoint | proxy_endpoint | Network Proxy Endpoint[] | The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT). |
| Raw Data | raw_data | JSON | Group: |
| Record ID | record_id | String | Group: |
| Subnet UID | subnet_uid | String | The unique identifier of a virtual subnet. |
| Service Name | svc_name | String | The service name in service-to-service connections. For example, AWS VPC logs the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection is coming from or going to an AWS service. |
| Type | type | String | The network endpoint type. For example: |
| Type ID | type_id | Integer | The network endpoint type ID.
|
| Unique ID | uid | String | The unique identifier of the endpoint. |
| Unmapped | unmapped | Unmapped[] | Data from the source that was not mapped into the schema. |
| VLAN | vlan_uid | String | The Virtual LAN identifier. |
| VPC UID | vpc_uid | String | The unique identifier of the Virtual Private Cloud (VPC). |
| Network Zone | zone | String | The network zone or LAN segment. |
Relationships
Inbound Relationships
These objects and events reference Network Endpoint in their attributes:
- RDP Activity
- Load Balancer
- Authorize Session
- Web Resource Access Activity
- Evidence Artifacts
- HTTP Activity
- Entity Management
- Datastore Activity
- DNS Activity
- FTP Activity
- Web Resources Activity
- Data Security Finding
- File Hosting Activity
- Tunnel Activity
- Authentication
- User Access Management
- SMB Activity
- API Activity
- Network
- DHCP Activity
- Drone Flights Activity
- Group Management
- Airborne Broadcast Activity
- SSH Activity
- Unmanned Systems
- NTP Activity
- Network Activity
- Network File Activity
- Endpoint Connection
- Account Change
- Email Activity
- Identity & Access Management
- Event Log Activity
Outbound Relationships
Network Endpoint references the following objects and events in its attributes:
- IP Threat Intelligence
- Agent
- Device Hardware Info
- Container
- Network Proxy Endpoint
- Autonomous System
- Unmapped
- Geo Location
- Operating System (OS)
- User
This page describes ocsf-1.4.0
Updated 6 months ago