You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/sentinel/network-normalization-schema.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -145,14 +145,14 @@ The descriptor `Dvc` is used for the reporting device, which is the local system
145
145
|**SessionId**| Alias | String | Alias to [NetworkSessionId](#networksessionid). |
146
146
|||||
147
147
148
-
### Destination device fields
148
+
### Destination system fields
149
149
150
150
| Field | Class | Type | Description |
151
151
|-------|-------|------|-------------|
152
152
| <aname="dst"></a>**Dst**| Recommended | String | A unique identifier of the server receiving the DNS request. <br><br>This field might alias the [DstDvcId](#dstdvcid), [DstHostname](#dsthostname), or [DstIpAddr](#dstipaddr) fields. <br><br>Example: `192.168.12.1`|
153
153
|<aname="dstipaddr"></a> **DstIpAddr**| Recommended | IP address | The IP address of the connection or session destination. If the session uses network address translation, this is the publicly visible address, and not the original address of the source which is stored in [DstNatIpAddr](#dstnatipaddr)<br><br>Example: `2001:db8::ff00:42:8329`<br><br>**Note**: This value is mandatory if [DstHostname](#dsthostname) is specified. |
154
154
| <aname="dstportnumber"></a>**DstPortNumber**| Optional | Integer | The destination IP port.<br><br>Example: `443`|
155
-
| <aname="dsthostname"></a>**DstHostname**| Recommended | Hostname | The destination device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field.<br><br>Example: `DESKTOP-1282V4D`<br><br>**Note**: This value is mandatory if [DstIpAddr](#dstipaddr) is specified.|
155
+
| <aname="dsthostname"></a>**DstHostname**| Recommended | Hostname | The destination device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field.<br><br>Example: `DESKTOP-1282V4D`|
156
156
| <aname="dstdomain"></a>**DstDomain**| Recommended | String | The domain of the destination device.<br><br>Example: `Contoso`|
157
157
| <aname="dstdomaintype"></a>**DstDomainType**| Recommended | Enumerated | The type of [DstDomain](#dstdomain). For a list of allowed values and further information refer to [DomainType](normalization-about-schemas.md#domaintype) in the [Schema Overview article](normalization-about-schemas.md).<br><br>Required if [DstDomain](#dstdomain) is used. |
158
158
|**DstFQDN**| Optional | String | The destination device hostname, including domain information when available. <br><br>Example: `Contoso\DESKTOP-1282V4D` <br><br>**Note**: This field supports both traditional FQDN format and Windows domain\hostname format. The [DstDomainType](#dstdomaintype) reflects the format used. |
@@ -202,7 +202,7 @@ The descriptor `Dvc` is used for the reporting device, which is the local system
202
202
| <aname="src"></a>**Src**| Recommended | String | A unique identifier of the source device. <br><br>This field might alias the [SrcDvcId](#srcdvcid), [SrcHostname](#srchostname), or [SrcIpAddr](#srcipaddr) fields. <br><br>Example: `192.168.12.1`|
203
203
| <aname="srcipaddr"></a>**SrcIpAddr**| Recommended | IP address | The IP address from which the connection or session originated. This value is mandatory if **SrcHostname** is specified. If the session uses network address translation, this is the publicly visible address, and not the original address of the source which is stored in [SrcNatIpAddr](#srcnatipaddr)<br><br>Example: `77.138.103.108`|
204
204
|**SrcPortNumber**| Optional | Integer | The IP port from which the connection originated. Might not be relevant for a session comprising multiple connections.<br><br>Example: `2335`|
205
-
| <aname="srchostname"></a> **SrcHostname**| Recommended | Hostname | The source device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field. This value is mandatory if [SrcIpAddr](#srcipaddr) is specified.<br><br>Example: `DESKTOP-1282V4D`|
205
+
| <aname="srchostname"></a> **SrcHostname**| Recommended | Hostname | The source device hostname, excluding domain information. If no device name is available, store the relevant IP address in this field.<br><br>Example: `DESKTOP-1282V4D`|
206
206
|<aname="srcdomain"></a> **SrcDomain**| Recommended | String | The domain of the source device.<br><br>Example: `Contoso`|
207
207
| <aname="srcdomaintype"></a>**SrcDomainType**| Recommended | DomainType | The type of [SrcDomain](#srcdomain). For a list of allowed values and further information refer to [DomainType](normalization-about-schemas.md#domaintype) in the [Schema Overview article](normalization-about-schemas.md).<br><br>Required if [SrcDomain](#srcdomain) is used. |
208
208
|**SrcFQDN**| Optional | String | The source device hostname, including domain information when available. <br><br>**Note**: This field supports both traditional FQDN format and Windows domain\hostname format. The [SrcDomainType](#srcdomaintype) field reflects the format used. <br><br>Example: `Contoso\DESKTOP-1282V4D`|
0 commit comments