Network Endpoint

The Network Endpoint object describes characteristics of a network endpoint. These can be a source or destination of a network connection.

Extends: endpoint

Attributes

container

Type: container
Requirement: recommended

The information describing an instance of a container. A container is a prepackaged, portable system image that runs isolated on an existing system using a container runtime like containerd.

hostname

Type: hostname_t
Requirement: recommended

The fully qualified name of the endpoint.

instance_uid

Type: string_t
Requirement: recommended

The unique identifier of a VM instance.

interface_name

Type: string_t
Requirement: recommended

The name of the network interface (e.g. eth2).

interface_uid

Type: string_t
Requirement: recommended

The unique identifier of the network interface.

ip

Type: ip_t
Requirement: recommended

The IP address of the endpoint, in either IPv4 or IPv6 format.

name

Type: string_t
Requirement: recommended

The short name of the endpoint.

namespace_pid

Type: integer_t
Requirement: recommended

If running under a process namespace (such as in a container), the process identifier within that process namespace.

owner

Type: user
Requirement: recommended

The identity of the service or user account that owns the endpoint or was last logged into it.

port

Type: port_t
Requirement: recommended

The port used for communication within the network connection.

svc_name

Type: string_t
Requirement: recommended

The service name in service-to-service connections. For example, AWS VPC logs the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection is coming from or going to an AWS service.

type_id

Type: integer_t
Requirement: recommended
Values:
- 0 - Unknown: The type is unknown.
- 1 - Server: A server.
- 2 - Desktop: A desktop computer.
- 3 - Laptop: A laptop computer.
- 4 - Tablet: A tablet computer.
- 5 - Mobile: A mobile phone.
- 6 - Virtual: A virtual machine.
- 7 - IOT: An IOT (Internet of Things) device.
- 8 - Browser: A web browser.
- 9 - Firewall: A networking firewall.
- 10 - Switch: A networking switch.
- 11 - Hub: A networking hub.
- 12 - Router: A networking router.
- 13 - IDS: An intrusion detection system.
- 14 - IPS: An intrusion prevention system.
- 15 - Load Balancer: A Load Balancer device.
- 99 - Other: The type is not mapped. See the type attribute, which contains a data source specific value.

The network endpoint type ID.

uid

Type: string_t
Requirement: recommended

The unique identifier of the endpoint.

agent_list

Type: agent
Requirement: optional

A list of agent objects associated with a device, endpoint, or resource.

autonomous_system

Type: autonomous_system
Requirement: optional

The Autonomous System details associated with an IP address.

domain

Type: string_t
Requirement: optional

The name of the domain that the endpoint belongs to or that corresponds to the endpoint.

hw_info

Type: device_hw_info
Requirement: optional

The endpoint hardware information.

intermediate_ips

Type: ip_t
Requirement: optional

The intermediate IP Addresses. For example, the IP addresses in the HTTP X-Forwarded-For header.

isp

Type: string_t
Requirement: optional

The name of the Internet Service Provider (ISP).

isp_org

Type: string_t
Requirement: optional

The organization name of the Internet Service Provider (ISP). This represents the parent organization or company that owns/operates the ISP. For example, Comcast Corporation would be the ISP org for Xfinity internet service. This attribute helps identify the ultimate provider when ISPs operate under different brand names.

location

Type: location
Requirement: optional

The geographical location of the endpoint.

mac

Type: mac_t
Requirement: optional

The Media Access Control (MAC) address of the endpoint.

network_scope

Type: string_t
Requirement: optional

Indicates whether the endpoint resides inside the customer’s network, outside on the Internet, or if its location relative to the customer’s network cannot be determined. The value is normalized to the caption of the network_scope_id.

network_scope_id

Type: integer_t
Requirement: optional
Values:
- 0 - Unknown: Unknown whether this endpoint resides within the customer’s network.
- 1 - Internal: The endpoint resides inside the customer’s network.
- 2 - External: The endpoint is on the Internet or otherwise external to the customer’s network.
- 99 - Other: The network scope is not mapped. See the network_scope attribute, which contains a data source specific value.

The normalized identifier of the endpoint’s network scope. The normalized network scope identifier indicates whether the endpoint resides inside the customer’s network, outside on the Internet, or if its location relative to the customer’s network cannot be determined.

os

Type: os
Requirement: optional

The endpoint operating system.

proxy_endpoint

Type: network_proxy
Requirement: optional

The network proxy information pertaining to a specific endpoint. This can be used to describe information pertaining to network address translation (NAT).

subnet_uid

Type: string_t
Requirement: optional

The unique identifier of a virtual subnet.

type

Type: string_t
Requirement: optional

The network endpoint type. For example: unknown, server, desktop, laptop, tablet, mobile, virtual, browser, or other.

vlan_uid

Type: string_t
Requirement: optional

The Virtual LAN identifier.

vpc_uid

Type: string_t
Requirement: optional

The unique identifier of the Virtual Private Cloud (VPC).

zone

Type: string_t
Requirement: optional

The network zone or LAN segment.

Constraints

At least one of: ip, uid, name, hostname, svc_name, instance_uid, interface_uid, interface_name, domain

Network Endpoint

Attributes

Constraints

Used By