-
Notifications
You must be signed in to change notification settings - Fork 15
/
ip.yml
27 lines (27 loc) · 889 Bytes
/
ip.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
name: Ip
prefix:
- Ip
id: 3D673B51-773A-433E-AE6B-EA4CD6B5F775
description: Event fields used to define/normalize metadata about IP addresses in a network. It follows the standard from the Destination, Source and device categories.
extends_entities:
- Destination
- DestinationNat
- Source
- SourceNat
- Any
- Device
attributes:
- name: Addr
type: ip
description: IP address assigned to the device generating the event and/or the IP address in the network packet. This could be used in the context of source, destination, device and even NAT when it is provided by an intermediary NAT device such as a firewall.
sample_value: 192.168.1.2
- name: IsIpv6
type: boolean
description: If IP address is IP version 6
sample_value: 'false'
- name: DhcpAssignedIpAddr
type: ip
description: IP address assigned by the DHCP server.
sample_value: 192.168.1.2
references: []
tags: []