Network Traffic

network_traffic

The Network Traffic object describes characteristics of network traffic. Network traffic refers to data moving across a network at a given point of time. Defined by D3FEND d3f:NetworkTraffic.

Attributes

| Caption | Name | Type | Is Array | Default | Description |
|---|---|---|---|---|---|
| Total Bytes | bytes | Long | | 0 | The total number of bytes (in and out). |
| Bytes In | bytes_in | Long | | 0 | The number of bytes sent from the destination to the source. |
| Bytes Out | bytes_out | Long | | 0 | The number of bytes sent from the source to the destination. |
| Chunks | chunks | Long | | | The total number of chunks (in and out). |
| Chunks In | chunks_in | Long | | | The number of chunks sent from the destination to the source. |
| Chunks Out | chunks_out | Long | | | The number of chunks sent from the source to the destination. |
| Total Packets | packets | Long | | 0 | The total number of packets (in and out). |
| Packets In | packets_in | Long | | 0 | The number of packets sent from the destination to the source. |
| Packets Out | packets_out | Long | | 0 | The number of packets sent from the source to the destination. |
| Raw Data | raw_data | JSON | | | The event data as received from the event source. |
| Record ID | record_id | String | | | Unique identifier for the object |
| Unmapped Data | unmapped | Unmapped | Yes | | The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source. |

JSON

            
{
  "caption": "Network Traffic",
  "description": "The Network Traffic object describes characteristics of network traffic. Network traffic refers to data moving across a network at a given point of time. Defined by D3FEND <a target='_blank' href='https://d3fend.mitre.org/dao/artifact/d3f:NetworkTraffic/'>d3f:NetworkTraffic</a>.",
  "extends": "object",
  "name": "network_traffic",
  "attributes": {
    "bytes": {
      "requirement": "recommended",
      "caption": "Total Bytes",
      "description": "The total number of bytes (in and out).",
      "type": "long_t",
      "default": 0
    },
    "bytes_in": {
      "requirement": "optional",
      "caption": "Bytes In",
      "description": "The number of bytes sent from the destination to the source.",
      "type": "long_t",
      "default": 0
    },
    "bytes_out": {
      "requirement": "optional",
      "caption": "Bytes Out",
      "description": "The number of bytes sent from the source to the destination.",
      "type": "long_t",
      "default": 0
    },
    "packets": {
      "requirement": "recommended",
      "caption": "Total Packets",
      "description": "The total number of packets (in and out).",
      "type": "long_t",
      "default": 0
    },
    "packets_in": {
      "requirement": "optional",
      "caption": "Packets In",
      "description": "The number of packets sent from the destination to the source.",
      "type": "long_t",
      "default": 0
    },
    "packets_out": {
      "requirement": "optional",
      "caption": "Packets Out",
      "description": "The number of packets sent from the source to the destination.",
      "type": "long_t",
      "default": 0
    },
    "chunks": {
      "description": "The total number of chunks (in and out).",
      "requirement": "optional",
      "caption": "Chunks",
      "type": "long_t"
    },
    "chunks_in": {
      "description": "The number of chunks sent from the destination to the source.",
      "requirement": "optional",
      "caption": "Chunks In",
      "type": "long_t"
    },
    "chunks_out": {
      "description": "The number of chunks sent from the source to the destination.",
      "requirement": "optional",
      "caption": "Chunks Out",
      "type": "long_t"
    },
    "raw_data": {
      "group": "context",
      "caption": "Raw Data",
      "description": "The event data as received from the event source.",
      "type": "json_t"
    },
    "record_id": {
      "description": "Unique identifier for the object",
      "group": "primary",
      "requirement": "required",
      "caption": "Record ID",
      "type": "string_t"
    },
    "unmapped": {
      "caption": "Unmapped Data",
      "description": "The attributes that are not mapped to the event schema. The names and values of those attributes are specific to the event source.",
      "type": "unmapped",
      "is_array": true
    }
  }
}