Network Connection

Description

Offers fields related to network connection events.
This preset is a story that contains fields originating from Palo Alto Networks next-generation firewall logs, third-party firewall logs, as well as information received from the Cortex XDR agent.

Preset Fields

The network_story preset has the following fields:
Field Name                                    Datatype   Description
action_app_id_transitions                     (string)   List of application ids
action_country                                (string)   None Available
action_local_ip                               (string)   Source IP address
action_local_port                             (integer)  Source port
action_network_protocol                       (integer)  Internet protocol number based on IPPROTO or normalised to IPPROTO (same as Java)
action_network_success                        (boolean)  None Available
action_remote_ip                              (string)   Destination IP address
action_remote_port                            (integer)  Destination port
actor_effective_username                      (string)   Name assigned to 'actor_effective_user_sid' Win: Including domain
actor_process_command_line                    (string)   None Available
actor_process_image_md5                       (string)   None Available
actor_process_image_name                      (string)   None Available
actor_process_image_path                      (string)   None Available
actor_process_image_sha256                    (string)   None Available
actor_process_os_pid                          (integer)  None Available
actor_process_signature_status                (integer)  None Available
actor_process_signature_vendor                (string)   None Available
agent_hostname                                (string)   Hostname of the agent
agent_install_type                            (integer)  None Available
agent_ip_addresses                            (string)   All IPv4 interface addresses
agent_os_type                                 (integer)  None Available
causality_actor_process_command_line          (string)   None Available
causality_actor_process_image_md5             (string)   None Available
causality_actor_process_image_name            (string)   None Available
causality_actor_process_image_path            (string)   None Available
causality_actor_process_image_sha256          (string)   None Available
causality_actor_process_os_pid                (integer)  None Available
causality_actor_process_signature_status      (integer)  None Available
causality_actor_process_signature_vendor      (string)   None Available
causality_actor_type                          (integer)  None Available
dst_action_country                            (string)   None Available
dst_action_external_hostname                  (string)   None Available
dst_actor_effective_username                  (string)   None Available
dst_actor_process_command_line                (string)   None Available
dst_actor_process_image_md5                   (string)   None Available
dst_actor_process_image_name                  (string)   None Available
dst_actor_process_image_path                  (string)   None Available
dst_actor_process_image_sha256                (string)   None Available
dst_actor_process_os_pid                      (integer)  None Available
dst_actor_process_signature_status            (integer)  None Available
dst_actor_process_signature_vendor            (string)   None Available
dst_agent_hostname                            (string)   None Available
dst_agent_install_type                        (integer)  None Available
dst_agent_ip_addresses                        (string)   None Available
dst_agent_os_type                             (integer)  None Available
dst_causality_actor_process_command_line      (string)   None Available
dst_causality_actor_process_image_md5         (string)   None Available
dst_causality_actor_process_image_name        (string)   None Available
dst_causality_actor_process_image_path        (string)   None Available
dst_causality_actor_process_image_sha256      (string)   None Available
dst_causality_actor_process_os_pid            (integer)  None Available
dst_causality_actor_process_signature_status  (integer)  None Available
dst_causality_actor_process_signature_vendor  (string)   None Available
dst_mac                                       (string)   None Available
dst_os_actor_process_command_line             (string)   None Available
dst_os_actor_process_image_name               (string)   None Available
dst_os_actor_process_image_path               (string)   None Available
dst_os_actor_process_os_pid                   (integer)  None Available
dst_os_actor_process_signature_status         (integer)  None Available
dst_user_id                                   (string)   None Available
mac                                           (string)   None Available
os_actor_process_command_line                 (string)   None Available
os_actor_process_image_name                   (string)   None Available
os_actor_process_image_path                   (string)   None Available
os_actor_process_os_pid                       (integer)  None Available
os_actor_process_signature_status             (integer)  None Available
user_id                                       (string)   None Available
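As an added example that is not part of the original page, the following XQL query uses this preset's fields to summarise, per host and initiating process, endpoint-observed TCP connections to common remote-management ports, which is a typical starting point when triaging possible lateral movement. The XQL syntax (preset, filter, comp, sort, limit) and the port list are assumptions of this example, not something the page specifies; only the field names come from the table above.

```xql
// Added example, not from the original page. Assumes standard XQL syntax and
// the IPPROTO numbering the page describes for action_network_protocol (6 = TCP).
// The port list is an assumed triage choice: SSH, RDP, WinRM HTTP and WinRM HTTPS.
config timeframe = 7d
| preset = network_story
| filter action_network_protocol = 6
    and action_remote_port in (22, 3389, 5985, 5986)
// Group by host, initiating process and its signature status so unsigned
// or unexpected binaries reaching many distinct destinations stand out.
| comp count() as connections,
       count_distinct(action_remote_ip) as distinct_destinations
    by agent_hostname, actor_process_image_path, actor_process_signature_status, action_remote_port
| sort desc distinct_destinations
| limit 100
```

Rows with a high distinct_destinations count for a single process image are worth pivoting into the actor_process_command_line and causality_actor_process_image_path fields to see what launched the connection.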
