articles/sentinel/network-normalization-schema.md
Lines changed: 3 additions & 3 deletions
@@ -98,7 +98,7 @@ Network session events use the descriptors `Src` and `Dst` to denote the roles o
98
98
99
99
For events reported by an endpoint and for which the event type is `EndpointNetworkSession`, the descriptors `Local` and `Remote` denote the endpoint itself and the device at the other end of the network session respectively.
100
100
101
-
The descriptor 'Dvc' is used for the reporting device, which is the local system for sessions reported by an endpoint, and the intermediary device or network tap for other network session events.
101
+
The descriptor `Dvc` is used for the reporting device, which is the local system for sessions reported by an endpoint, and the intermediary device or network tap for other network session events.
102
102
103
103
## Schema details
104
104
@@ -247,7 +247,7 @@ The descriptor 'Dvc' is used for the reporting device, which is the local system
247
247
248
248
All the source and destination fields listed above, can be optionally aliased by fields with the same name and the descriptors `Local` and `Remote`. This is typically helpful for events reported by an endpoint and for which the event type is `EndpointNetworkSession`.
249
249
250
-
For such events the descriptors `Local` and `Remote` denote the endpoint itself and the device at the other end of the network session respectively. For inbound connections, the local system is the destination, `Local` fields are aliases to the `Dst` fields, and 'Remote' fields are aliases to `Src` fields. Conversely, for outbound connections, the local system is the source, `Local` fields are aliases to the `Src` fields, and 'Remote' fields are aliases to `Dst` fields.
250
+
For such events the descriptors `Local` and `Remote` denote the endpoint itself and the device at the other end of the network session respectively. For inbound connections, the local system is the destination, `Local` fields are aliases to the `Dst` fields, and 'Remote' fields are aliases to `Src` fields. Conversely, for outbound connections, the local system is the source, `Local` fields are aliases to the `Src` fields, and `Remote` fields are aliases to `Dst` fields.
251
251
252
252
For example, for an inbound event, the field `LocalIpAddr` is an alias to `DstIpAddr` and the field `RemoteIpAddr` is an alias to `SrcIpAddr`.
253
253
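Review bot: The added line 250 still carries the first 'Remote' in single quotes ("and 'Remote' fields are aliases to `Src` fields") while the second occurrence in the same paragraph is now `Remote`. Convert both so the descriptor is code-formatted consistently with `Local`, `Src` and `Dst`. While this paragraph is open, the stray comma in context line 248 ("listed above, can be optionally aliased") could be dropped as well.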
@@ -310,7 +310,7 @@ These are the changes in version 0.2.2 of the schema:
310
310
- Defined `Hostname` and `IpAddr` as aliases for `RemoteHostname` and `LocalIpAddr` respectively when the event type is `EndpointNetworkSession`.
311
311
- Defined `DvcInterface` as an alias to `DvcInboundInterface` or `DvcOutboundInterface`.
312
312
- Changed the type of the following fields from Integer to Long: `SrcBytes`, `DstBytes`, `NetworkBytes`, `SrcPackets`, `DstPackets`, and `NetworkPackets`.
313
-
- Added the fields `NetworkProtoolVersion`, `SrcSubscriptionId`, and `DstSubscriptionId`.
313
+
- Added the fields `NetworkProtocolVersion`, `SrcSubscriptionId`, and `DstSubscriptionId`.
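Review bot: The spelling fix on line 313 touches only the changelog bullet, and the field's own entry under "Schema details" is not part of this diff. Before merging, search the rest of the file for `NetworkProtoolVersion` so the name in the changelog and the name in the field table agree, since parser authors copy field names from this page.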