Network Interface
network_interface
The Network Interface object describes the type and associated attributes of a network interface.
Contents
Attributes
| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Hostname | hostname | Hostname | The hostname associated with the network interface. | ||
| IP Address | ip | IP Address | The IP address associated with the network interface. | ||
| MAC Address | mac | MAC Address | The MAC address of the network interface. | ||
| Name | name | String | The name of the network interface. | ||
| Namespace | namespace | String | The namespace is useful in merger or acquisition situations. For example, when similar entities exist that you need to keep separate. | ||
| Raw Data | raw_data | JSON | The event data as received from the event source. | ||
| Record ID | record_id | String | Unique identifier for the object | ||
| Reputation Scores | reputation | Reputation |
Contains the original and normalized reputation scores.
Deprecated since 1.1.0: Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0 |
||
| Subnet Prefix Length | subnet_prefix | Integer | The subnet prefix length determines the number of bits used to represent the network part of the IP address. The remaining bits are reserved for identifying individual hosts within that subnet. | ||
| Type | type | String | The type of network interface. | ||
| Type ID | type_id | Integer | 0 |
The network interface type identifier.
|
|
| Unique ID | uid | String | The unique identifier for the network interface. | ||
| Unmapped Data | unmapped | Unmapped | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |
References
Referenced By
Context
JSON
{
"caption": "Network Interface",
"description": "The Network Interface object describes the type and associated attributes of a network interface.",
"extends": "_entity",
"name": "network_interface",
"attributes": {
"hostname": {
"description": "The hostname associated with the network interface.",
"requirement": "recommended",
"caption": "Hostname",
"type": "hostname_t"
},
"ip": {
"description": "The IP address associated with the network interface.",
"requirement": "recommended",
"caption": "IP Address",
"type": "ip_t"
},
"mac": {
"description": "The MAC address of the network interface.",
"requirement": "recommended",
"caption": "MAC Address",
"type": "mac_t"
},
"name": {
"description": "The name of the network interface.",
"requirement": "recommended",
"caption": "Name",
"type": "string_t"
},
"namespace": {
"requirement": "optional",
"caption": "Namespace",
"description": "The namespace is useful in merger or acquisition situations. For example, when similar entities exist that you need to keep separate.",
"type": "string_t"
},
"subnet_prefix": {
"requirement": "optional",
"caption": "Subnet Prefix Length",
"description": "The subnet prefix length determines the number of bits used to represent the network part of the IP address. The remaining bits are reserved for identifying individual hosts within that subnet.",
"type": "integer_t"
},
"type": {
"description": "The type of network interface.",
"requirement": "optional",
"caption": "Type",
"type": "string_t"
},
"type_id": {
"description": "The network interface type identifier.",
"enum": {
"0": {
"caption": "Unknown",
"description": "The type is unknown."
},
"1": {
"caption": "Wired"
},
"2": {
"caption": "Wireless"
},
"3": {
"caption": "Mobile"
},
"4": {
"caption": "Tunnel"
},
"99": {
"caption": "Other",
"description": "The type is not mapped. See the <code>type</code> attribute, which contains a data source specific value."
}
},
"requirement": "required",
"caption": "Type ID",
"sibling": "type",
"type": "integer_t",
"default": 0
},
"uid": {
"description": "The unique identifier for the network interface.",
"requirement": "optional",
"caption": "Unique ID",
"type": "string_t"
},
"raw_data": {
"group": "context",
"caption": "Raw Data",
"description": "The event data as received from the event source.",
"type": "json_t"
},
"record_id": {
"description": "Unique identifier for the object",
"group": "primary",
"requirement": "required",
"caption": "Record ID",
"type": "string_t"
},
"unmapped": {
"caption": "Unmapped Data",
"description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
"type": "unmapped",
"is_array": true
},
"reputation": {
"requirement": "optional",
"caption": "Reputation Scores",
"description": "Contains the original and normalized reputation scores.",
"type": "reputation",
"@deprecated": {
"since": "1.1.0",
"message": "Deprecated in upgrade from ocsf-0.31.1 to qdm-1.1.0"
}
}
},
"constraints": {
"at_least_one": [
"ip",
"mac",
"name",
"hostname"
]
}
}