Destination Fields¶
| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| destination_application_name | facebook, twitter | keyword | Describes the target application |
| destination_domain | corp.local | keyword (normalized:loweronly) | Destination domain context |
| destination_bytes_sent | long | Network bytes sent by destination to the source. Some sources may present this as source bytes received, bytes received, or similar. | |
| destination_hostname | keyword (normalized:loweronly) | ||
| destination_ip | 10.1.2.3, fe80:5cc3:11:4::2c | ip | IPv4 and IPv6 addresses |
| destination_nat_ip | 10.1.2.3, fe80:5cc3:11:4::2c | ip | |
| destination_nat_port | 2356 | integer | |
| destination_packets_sent | 73458324 | long | Number of packets delivered to the destination endpoint |
| destination_port | 80 | integer | |
| destination_vsys_uuid | keyword | ||
| destination_zone | keyword |
| Field Name | Example Values | Field Type | Notes |
|---|---|---|---|
| destination_as_* | See: as_* fields | ||
| destination_category | keyword | Future: from entity mapping | |
| destination_geo_* | See: geo_* fields | ||
| destination_location_name | Chicago, US, Datacenter 01, Bismark - Finance | keyword | Field is derived either from an internal enterprise network definition or the Geo location fields if availble |
| destination_mac | a0:b4:44:01:a9:d1 | keyword | MAC address of host, colon-delimited and lower case |
| destination_priority | critical, high, medium, low, informational | keyword | Future: from entity mapping |
| destination_priority_level | 1-4 | byte | 1 = Critical, 2 = High, 3 = Medium, 4 = Low, 5 = Informational |
| destination_reference | IPv4, IPv6, hostname,fqdn | keyword (normalized:loweronly) | Mapped from source_ip or source_hostname in that order |