Network

Description

This preset offers fields related to network traffic, both inbound and outbound.

Preset Fields

The xdr_network preset has the following fields:
| Field Name | Datatype | Description |
|---|---|---|
| action_country | string | None Available |
| action_external_hostname | string | None Available |
| action_local_ip | string | Source IP address |
| action_local_port | integer | Source port |
| action_network_is_npcap | boolean | None Available |
| action_remote_ip | string | Destination IP address |
| action_remote_port | integer | Destination port |
| actor_effective_username | string | User name resolved from 'actor_effective_user_sid'; on Windows this includes the domain |
| actor_process_command_line | string | None Available |
| actor_process_image_md5 | string | None Available |
| actor_process_image_name | string | None Available |
| actor_process_image_path | string | None Available |
| actor_process_image_sha256 | string | None Available |
| actor_process_os_pid | integer | None Available |
| actor_process_signature_status | integer | None Available |
| actor_process_signature_vendor | string | None Available |
| actor_remote_host | string | None Available |
| actor_remote_ip | string | None Available |
| actor_remote_pipe_name | string | None Available |
| actor_remote_port | integer | None Available |
| actor_thread_thread_id | integer | Identifier of the OS thread responsible for the event |
| actor_type | integer | None Available |
| agent_hostname | string | Hostname of the agent |
| agent_install_type | integer | None Available |
| agent_ip_addresses | string | All IPv4 interface addresses |
| agent_os_type | integer | None Available |
| causality_actor_process_command_line | string | None Available |
| causality_actor_process_image_md5 | string | None Available |
| causality_actor_process_image_name | string | None Available |
| causality_actor_process_image_path | string | None Available |
| causality_actor_process_image_sha256 | string | None Available |
| causality_actor_process_os_pid | integer | None Available |
| causality_actor_process_signature_status | integer | None Available |
| causality_actor_process_signature_vendor | string | None Available |
| causality_actor_remote_host | string | None Available |
| causality_actor_remote_ip | string | None Available |
| causality_actor_remote_pipe_name | string | None Available |
| causality_actor_remote_port | integer | None Available |
| causality_actor_type | integer | None Available |
| event_sub_type | integer | None Available |
| os_actor_process_command_line | string | None Available |
| os_actor_process_image_name | string | None Available |
| os_actor_process_image_path | string | None Available |
| os_actor_process_os_pid | integer | None Available |
| os_actor_process_signature_status | integer | None Available |
| os_actor_thread_thread_id | integer | None Available |

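The following Python is an added illustration of how the fields above are typically consumed in detection logic; it is not part of this page and not Cortex code. It runs a simple egress-hunting rule over constructed records that use the xdr_network field names: outbound connections opened by a watch-listed actor process to an address outside an assumed set of internal ranges, on a port outside an assumed set of common ports. The meanings assumed for fields the table leaves undocumented (actor_process_image_name as the actor's image file name, causality_actor_process_image_name as the root of the causality chain) are assumptions, as are the allowlists and the sample events, whose addresses are RFC 5737 documentation ranges.

```python
import ipaddress
from typing import Iterable

# Assumed organisation address plan; anything outside these is "external".
# Using an explicit list rather than ipaddress.is_private keeps the RFC 5737
# documentation ranges used in the samples below classified as external.
INTERNAL_NETS = [
    ipaddress.ip_network(c)
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Ports expected for ordinary outbound traffic (constructed allowlist).
COMMON_PORTS = {53, 80, 443}

# Actor images that frequently carry "living off the land" egress
# (constructed watchlist, matched against actor_process_image_name).
LOLBIN_IMAGES = {"powershell.exe", "rundll32.exe", "mshta.exe", "certutil.exe"}

# Constructed sample events using xdr_network field names (not real telemetry).
SAMPLE_EVENTS = [
    {
        "agent_hostname": "ws01",
        "actor_effective_username": "CORP\\alice",
        "action_local_ip": "10.1.2.3",
        "action_local_port": 51234,
        "action_remote_ip": "203.0.113.10",
        "action_remote_port": 443,
        "actor_process_image_name": "chrome.exe",
        "actor_process_command_line": "chrome.exe",
        "causality_actor_process_image_name": "explorer.exe",
    },
    {
        "agent_hostname": "ws01",
        "actor_effective_username": "CORP\\alice",
        "action_local_ip": "10.1.2.3",
        "action_local_port": 51240,
        "action_remote_ip": "198.51.100.7",
        "action_remote_port": 4444,
        "actor_process_image_name": "powershell.exe",
        "actor_process_command_line": "powershell.exe -nop -w hidden -enc AAAA",
        "causality_actor_process_image_name": "winword.exe",
    },
    {
        "agent_hostname": "srv02",
        "actor_effective_username": "NT AUTHORITY\\SYSTEM",
        "action_local_ip": "10.9.0.5",
        "action_local_port": 49200,
        "action_remote_ip": "10.9.0.1",
        "action_remote_port": 445,
        "actor_process_image_name": "svchost.exe",
        "actor_process_command_line": "svchost.exe -k netsvcs",
        "causality_actor_process_image_name": "services.exe",
    },
]


def is_external(ip_text: str) -> bool:
    """True when action_remote_ip falls outside INTERNAL_NETS.

    Unparseable values (empty strings, hostnames) are treated as external
    so that a malformed record is surfaced rather than silently dropped.
    """
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def suspicious_egress(events: Iterable[dict]) -> list[dict]:
    """Return one finding per event where a watch-listed actor process
    connected to an external address on an uncommon port."""
    findings = []
    for ev in events:
        image = (ev.get("actor_process_image_name") or "").lower()
        port = ev.get("action_remote_port")
        if image not in LOLBIN_IMAGES or port in COMMON_PORTS:
            continue
        if not is_external(ev.get("action_remote_ip") or ""):
            continue
        findings.append({
            "host": ev.get("agent_hostname"),
            "user": ev.get("actor_effective_username"),
            "src": f"{ev.get('action_local_ip')}:{ev.get('action_local_port')}",
            "dst": f"{ev.get('action_remote_ip')}:{port}",
            # Causality chain root -> actor (assumed meaning of causality_actor_*).
            "chain": f"{ev.get('causality_actor_process_image_name')} -> {image}",
            "cmdline": ev.get("actor_process_command_line"),
        })
    return findings


if __name__ == "__main__":
    for finding in suspicious_egress(SAMPLE_EVENTS):
        print(finding)
```

Running the block prints a single finding, for the PowerShell connection to 198.51.100.7:4444 spawned under winword.exe; the browser session on 443 and the SMB connection to an internal address are filtered out. The internal ranges and port allowlist are the parts to tune per environment.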