NetworkConnection

Details for a low-level network connection by IP

Field | Type | Description | Required | Default |
---|---|---|---|---|
objectid | ObjectID | The object ID of the network object | Yes | None |
destination_ip | IP | The destination IP of the connection | Optional | None |
destination_port | Integer | The destination port of the connection | Optional | None |
transport_layer_protocol | Enum | The transport layer protocol of the connection. Supported values are: "tcp", "udp" | Optional | None |
direction | Enum | The direction of the network connection. Supported values are: "inbound", "outbound", "unknown" | Optional | None |
process | Process | The process that spawned the network connection | Optional | None |
source_ip | IP | The source IP of the connection | Optional | None |
source_port | Integer | The source port of the connection | Optional | None |
http_details | NetworkHTTP | HTTP-specific details of request | Optional | None |
dns_details | NetworkDNS | DNS-specific details of request | Optional | None |
smtp_details | NetworkSMTP | SMTP-specific details of request | Optional | None |
connection_type | Enum | None. Supported values are: "dns", "http", "smtp", "tls" | Optional | None |

NetworkDNS

Details for a DNS request

Field | Type | Description | Required | Default |
---|---|---|---|---|
domain | Domain | The domain requested | Yes | None |
resolved_ips | List [IP] | A list of IPs that were resolved | Yes | None |
lookup_type | Enum | The type of DNS request. Supported values are: "A", "AAAA", "AFSDB", "APL", "CAA", "CDNSKEY", "CDS", "CERT", "CNAME", "CSYNC", "DHCID", "DLV", "DNAME", "DNSKEY", "DS", "EUI48", "EUI64", "HINFO", "HIP", "HTTPS", "IPSECKEY", "KEY", "KX", "LOC", "MX", "NAPTR", "NS", "NSEC", "NSEC3", "NSEC3PARAM", "OPENPGPKEY", "PTR", "RP", "RRSIG", "SIG", "SMIMEA", "SOA", "SRV", "SSHFP", "SVCB", "TA", "TKEY", "TLSA", "TSIG", "TXT", "URI", "ZONEMD" | Yes | None |

NetworkHTTP

Details for an HTTP request

Field | Type | Description | Required | Default |
---|---|---|---|---|
request_uri | URI | The URI requested | Yes | None |
request_headers | Mapping [String, Json] | Headers included in the request | Yes | None |
request_method | Enum | The method of the request. Supported values are: "BCOPY", "BDELETE", "BMOVE", "BPROPFIND", "BPROPPATCH", "CONNECT", "COPY", "DELETE", "GET", "HEAD", "LOCK", "MKCOL", "MOVE", "NOTIFY", "OPTIONS", "PATCH", "POLL", "POST", "PROPFIND", "PROPPATCH", "PUT", "SEARCH", "SUBSCRIBE", "TRACE", "UNLOCK", "UNSUBSCRIBE", "X-MS-ENUMATTS" | Yes | None |
response_headers | Mapping [String, Json] | Headers included in the response | Yes | None |
request_body | Text | The body of the request | Optional | None |
response_status_code | Integer | The status code of the response | Optional | None |
response_body | Text | The body of the response | Optional | None |
response_content_fileinfo | File | The file information of the response content | Optional | None |
response_content_mimetype | Text | The response content mimetype returned by the server | Optional | None |

NetworkSMTP

Details for an SMTP request

Field | Type | Description | Required | Default |
---|---|---|---|---|
mail_from | | Sender of the email | Yes | None |
mail_to | List [Email] | Recipients of the email | Yes | None |
attachments | List [File] | The file information about the attachments | Optional | None |