| network_application |
facebook, instagram |
keyword/loweronly |
Application name - Facebook, etc. |
| network_bytes |
71238 |
long |
Bytes transferred during a connection, may be calculated by summing bytes sent/received (source_bytes_sent/destination_bytes_sent) - some vendors may report this as packet_length |
| network_bytes_rx |
|
|
DEPRECATED - use destination_bytes_sent |
| network_bytes_tx |
|
|
DEPRECATED - use source_bytes_sent |
| network_community_id |
|
keyword |
See: https://github.com/corelight/community-id-spec |
| network_connection_duration |
00:23:45 |
keyword |
Duration of time a network connection was established |
| network_connection_uid |
CMdzit1AMNsmfAIiQc |
keyword |
Unique identifier value for a network connection |
| network_data_bytes |
71238 |
long |
Total bytes of the data payload |
| network_direction |
inbound, outbound, lateral |
keyword |
Indicates the direction of the observed network flow. The value for this field be either inbound, outbound, or lateral. |
| network_forwarded_ip |
10.1.2.3, fe80:5cc3:11:4::2c |
ip |
|
| network_header_bytes |
71238 |
long |
Total bytes of packet header information |
| network_iana_number |
6, 17, 41 |
integer |
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml |
| network_icmp_type |
echo, time exceeded |
keyword |
Text representation of ICMP type, from https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-types |
| network_icmp_type_number |
1, 11 |
long |
Numeric representation of ICMP type, from https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-types |
| network_icmp_code |
|
keyword |
Text representation of ICMP type code, from https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes |
| network icmp_code_number |
1, 3 |
long |
Numeric representation of ICMP type code, from https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml#icmp-parameters-codes |
| network_inner |
|
|
TBD |
| network_interface_in |
gi0/1 |
keyword/loweronly |
Name of interface traffic receiving traffic |
| network_interface_out |
gi0/1 |
keyword/loweronly |
Name of interface traffic sending traffic |
| network_ip_version |
4, 6 |
keyword |
IPv4 or IPv6 |
| network_name |
|
|
TBD |
| network_packets |
71238 |
long |
Count of packets transferred during a connection, may be calculated by summing packets sent/received (source_packets_sent/destination_packets_sent) |
| network_packets_rx |
|
|
DEPRECATED - use destination_packets_sent |
| network_packets_tx |
|
|
DEPRECATED - use source_packets_sent |
| network_protocol |
ipv4, ipv6, icmp |
keyword/loweronly |
Protocol names, preferrably from the Keyword column in https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml |
| network_transport |
udp, tcp |
keyword/loweronly |
transport layer protocol of packet/connection |
| network_tunnel_type |
gre, ipsec |
keyword/loweronly |
tunnel type |
| network_tunnel_duration |
2093847 |
long |
time in seconds for tunnel duration |
| network_type |
|
|
TBD - maybe not needed since network_protocol |