| network_application |
facebook, instagram |
keyword/loweronly |
Application name - Facebook, etc. |
| network_bytes |
71238 |
long |
Total bytes transmitted during the connection. This field may be calculated by summing bytes sent/received. |
| network_bytes_rx |
71238 |
long |
Bytes sent from destination to the source |
| network_bytes_tx |
71238 |
long |
Bytes sent from source to the destination |
| network_community_id |
|
keyword |
See: https://github.com/corelight/community-id-spec |
| network_data_bytes |
71238 |
long |
Total bytes of the data payload. |
| network_direction |
|
keyword |
|
| network_forwarded_ip |
10.1.2.3, fe80:5cc3:11:4::2c |
ip |
|
| network_header_bytes |
71238 |
long |
Total bytes of packet header information |
| network_iana_number |
6, 17, 41 |
integer |
https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml |
| network_icmp_type |
echo, time exceeded |
keyword |
https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml |
| network_inner |
|
|
TBD |
| network_interface_in |
gi0/1 |
keyword/loweronly |
|
| network_interface_out |
gi0/1 |
keyword/loweronly |
|
| network_ip_version |
4, 6 |
keyword |
IPv4 or IPv6 |
| network_name |
|
|
TBD |
| network_packets |
71238 |
long |
|
| network_packets_rx |
71238 |
long |
Number of packets sent from the destination to the source |
| network_packets_tx |
71238 |
long |
Number of packets sent from the source to the destination |
| network_protocol |
ipv4, ipv6, icmp |
keyword/loweronly |
|
| network_transport |
udp, tcp |
keyword |
transport layer protocol of packet/connection |
| network_tunnel_type |
GRE, IPSEC |
keyword |
tunnel type |
| network_tunnel_duration |
2093847 |
long |
time in seconds for tunnel duration |
| network_type |
|
|
TBD - maybe not needed since network_protocol |