Network
Return information about network events
Property |
Type |
Description |
Example |
---|---|---|---|
DestinationIpAddressV4 |
ipv4 address |
The ipv4 destination address of Firewall detection. Supports masks. |
192.168.0.1, supports masks - 192.168.0.0/16 |
DestinationIpAddressV6 |
ipv6 address |
The ipv6 destination address of Firewall detection. Supports masks. |
2001:db8:85a3:8d3:1319:8a2e:370:0, supports masks - 2001:db8:85a3:8d3:1319:8a2e:370:0/112 |
Hostname |
String |
The target hostname |
|
Inbound |
Bool |
The connection is inbound |
true/false |
IpAddressV4 |
ipv4 address |
The ipv4 address target of the event. Supports masks. |
192.168.0.1, supports masks - 192.168.0.0/16 |
IpAddressV6 |
ipv6 address |
The ipv6 address target of the event. Supports masks. |
2001:db8:85a3:8d3:1319:8a2e:370:0, supports masks - 2001:db8:85a3:8d3:1319:8a2e:370:0/112 |
Port |
Int |
The TCP/UDP target port |
8080 |
Protocol |
String |
The protocol used by the connection |
HTTP, HTTPS, etc. |
SourceIpAddressV4 |
ipv4 address |
The ipv4 source address of Firewall detection. Supports masks. |
192.168.0.1, supports masks - 192.168.0.0/16 |
SourceIpAddressV6 |
ipv6 address |
The ipv6 source address of Firewall detection. Supports masks. |
2001:db8:85a3:8d3:1319:8a2e:370:0, supports masks - 2001:db8:85a3:8d3:1319:8a2e:370:0/112 |
Url |
String |
If the request involved a URL (i.e., HTTP request) |
The target URL |
Example:
<definition> <operations> <operation type="TcpIpConnect"> <operator type="or"> <condition component="Network" property="IpAddressV4" condition="is" value="10.0.0.0/8" /> <condition component="Network" property="IpAddressV4" condition="is" value="172.16.0.0/12" /> <condition component="Network" property="IpAddressV4" condition="is" value="192.168.0.0/16" /> <condition component="Network" property="IpAddressV4" condition="is" value="127.0.0.0/8" /> <condition component="Network" property="IpAddressV6" condition="is" value="::1/128" /> <condition component="Network" property="IpAddressV6" condition="is" value="fc00::/7" /> </operator> </operation> </operations> </definition> |
Supported Operations and their components:
|
Network |
---|---|
Detection |
X |
HttpRequest |
X |
TcpIpAccept |
X |
TcpIpConnect |
X |
TcpIpProtocolIdentified |
X |