Network Proxy Endpoint

network_proxy

The network proxy endpoint object describes a proxy server, which acts as an intermediary between a client requesting a resource and the server providing that resource.

Attributes

CaptionNameTypeDescription
Agent List agent_list Agent[] A list of agent objects associated with a device, endpoint, or resource.
Autonomous System autonomous_system Autonomous System[] The Autonomous System details associated with an IP address.
Container container Container[] Entity:CONTAINER
Group:context
The information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.
Domain domain String The name of the domain that the endpoint belongs to or that corresponds to the endpoint.
Hostname hostname Hostname Entity:HOSTNAME
The fully qualified name of the endpoint.
Hardware Info hw_info Device Hardware Info[] The endpoint hardware information.
Instance ID instance_uid String The unique identifier of a VM instance.
Network Interface Name interface_name String The name of the network interface (e.g. eth2).
Network Interface ID interface_uid String The unique identifier of the network interface.
Intermediate IP Addresses intermediate_ips IP Address[] Entity:IP_ADDRESS
The intermediate IP Addresses. For example, the IP addresses in the HTTP X-Forwarded-For header.
IP Address ip IP Address Entity:IP_ADDRESS
The IP address of the endpoint, in either IPv4 or IPv6 format.
IP Intelligence ip_intelligence IP Threat Intelligence[] Insights from threat intelligence platforms about IP Address
Geo Location location Geo Location[] Entity:GEO_LOCATION
The geographical location of the endpoint.
MAC Address mac MAC Address Entity:MAC_ADDRESS
The Media Access Control (MAC) address of the endpoint.
Name name String The short name of the endpoint.
Namespace PID namespace_pid Integer Group:context
If running under a process namespace (such as in a container), the process identifier within that process namespace.
OS os Operating System (OS)[] The endpoint operating system.
Owner owner User[] Entity:USER
The identity of the service or user account that owns the endpoint or was last logged into it.
Port port Port Entity:PORT
The port used for communication within the network connection.
Proxy Endpoint proxy_endpoint Network Proxy Endpoint[] The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT).
Raw Data raw_data JSON Group:context
The event data as received from the event source.
Record ID record_id String Group:primary
Unique identifier for the object
Subnet UID subnet_uid String The unique identifier of a virtual subnet.
Service Name svc_name String The service name in service-to-service connections. For example, AWS VPC logs the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection is coming from or going to an AWS service.
Type type String The network endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other.
Type ID type_id Integer The network endpoint type ID.
  • 0: Unknown (UNKNOWN)
  • 1: Server (SERVER)
  • 10: Switch (SWITCH)
  • 11: Hub (HUB)
  • 12: Router (ROUTER)
  • 13: IDS (IDS)
  • 14: IPS (IPS)
  • 15: Load Balancer (LOAD_BALANCER)
  • 2: Desktop (DESKTOP)
  • 3: Laptop (LAPTOP)
  • 4: Tablet (TABLET)
  • 5: Mobile (MOBILE)
  • 6: Virtual (VIRTUAL)
  • 7: IOT (IOT)
  • 8: Browser (BROWSER)
  • 9: Firewall (FIREWALL)
  • 99: Other (OTHER)
Unique ID uid String The unique identifier of the endpoint.
Unmapped unmapped Unmapped[] Data from the source that was not mapped into the schema.
VLAN vlan_uid String The Virtual LAN identifier.
VPC UID vpc_uid String The unique identifier of the Virtual Private Cloud (VPC).
Network Zone zone String The network zone or LAN segment.

Relationships

Network Proxy Endpoint shown in context

Inbound Relationships

These objects and events reference Network Proxy Endpoint in their attributes:

Outbound Relationships

Network Proxy Endpoint references the following objects and events in its attributes:

This page describes ocsf-1.4.0