Class: NetworkInterface
The Network Interface object describes the type and associated attributes of a
physical or virtual network interface.
classDiagram
class NetworkInterface
click NetworkInterface href "../NetworkInterface/"
Entity <|-- NetworkInterface
click Entity href "../Entity/"
NetworkInterface : hostname
NetworkInterface : ip
NetworkInterface : mac
NetworkInterface : name
NetworkInterface : namespace
NetworkInterface : open_ports
NetworkInterface --> "*" PortInfo : open_ports
click PortInfo href "../PortInfo/"
NetworkInterface : subnet_prefix
NetworkInterface : type
NetworkInterface : type_id
NetworkInterface --> "0..1 _recommended_" NetworkInterfaceTypeIdEnum : type_id
click NetworkInterfaceTypeIdEnum href "../NetworkInterfaceTypeIdEnum/"
NetworkInterface : uid
Inheritance
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| hostname | 0..1 recommended HostnameT |
The hostname associated with the network interface | direct |
| ip | 0..1 recommended IpT |
The IP address associated with the network interface | direct |
| mac | 0..1 recommended MacT |
The MAC address of the network interface | direct |
| name | 0..1 recommended String |
The name of the network interface | direct |
| namespace | 0..1 String |
The namespace is useful in merger or acquisition situations | direct |
| open_ports | * PortInfo |
The list of open ports on a network interface, including port numbers and | direct |
| subnet_prefix | 0..1 Integer |
The subnet prefix length determines the number of bits used to represent the | direct |
| type | 0..1 String |
The type of network interface | direct |
| type_id | 0..1 recommended NetworkInterfaceTypeIdEnum |
The network interface type identifier | direct |
| uid | 0..1 recommended String |
The unique identifier for the network interface | direct |
Usages
| used by | used in | type | used |
|---|---|---|---|
| QueryEvidence | network_interfaces | range | NetworkInterface |
| Device | network_interfaces | range | NetworkInterface |
| NetworksQuery | network_interfaces | range | NetworkInterface |
| DhcpActivity | relay | range | NetworkInterface |
| TunnelActivity | tunnel_interface | range | NetworkInterface |
| WindowsQueryEvidence | network_interfaces | range | NetworkInterface |
Rules
| Rule Applied | Preconditions | Postconditions | Elseconditions |
|---|---|---|---|
| any_of | [{'slot_conditions': {'ip': {'required': True}}}, {'slot_conditions': {'mac': {'required': True}}}, {'slot_conditions': {}}, {'slot_conditions': {'hostname': {'required': True}}}, {'slot_conditions': {'uid': {'required': True}}}] |
In Subsets
Aliases
- Network Interface
See Also
Notes
- D3FEND™ Ontology d3f:NetworkInterfaceCard. — https://d3fend.mitre.org/dao/artifact/d3f:NetworkInterfaceCard/
Identifier and Mapping Information
Annotations
| property | value |
|---|---|
| ocsf_constraints | {"at_least_one": ["ip", "mac", "name", "hostname", "uid"]} |
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:NetworkInterface |
| native | ocsf:NetworkInterface |
| exact | uco_master:NetworkInterface |
LinkML Source
Direct
name: NetworkInterface
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["ip", "mac", "name", "hostname", "uid"]}'
description: 'The Network Interface object describes the type and associated attributes
of a
physical or virtual network interface.'
notes:
- 'D3FEND™ Ontology d3f:NetworkInterfaceCard. —
https://d3fend.mitre.org/dao/artifact/d3f:NetworkInterfaceCard/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:NetworkInterfaceCard/
aliases:
- Network Interface
exact_mappings:
- uco_master:NetworkInterface
is_a: Entity
slots:
- hostname
- ip
- mac
- name
- namespace
- open_ports
- subnet_prefix
- type
- type_id
- uid
slot_usage:
hostname:
name: hostname
description: The hostname associated with the network interface.
recommended: true
ip:
name: ip
description: The IP address associated with the network interface.
recommended: true
mac:
name: mac
description: The MAC address of the network interface.
recommended: true
name:
name: name
description: The name of the network interface.
type:
name: type
description: The type of network interface.
type_id:
name: type_id
description: The network interface type identifier.
range: NetworkInterfaceTypeIdEnum
recommended: true
uid:
name: uid
description: The unique identifier for the network interface.
rules:
- postconditions:
any_of:
- slot_conditions:
ip:
name: ip
required: true
- slot_conditions:
mac:
name: mac
required: true
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
hostname:
name: hostname
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''ip'', ''mac'', ''name'', ''hostname'',
''uid'']
must be set.'
Induced
name: NetworkInterface
annotations:
ocsf_constraints:
tag: ocsf_constraints
value: '{"at_least_one": ["ip", "mac", "name", "hostname", "uid"]}'
description: 'The Network Interface object describes the type and associated attributes
of a
physical or virtual network interface.'
notes:
- 'D3FEND™ Ontology d3f:NetworkInterfaceCard. —
https://d3fend.mitre.org/dao/artifact/d3f:NetworkInterfaceCard/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:NetworkInterfaceCard/
aliases:
- Network Interface
exact_mappings:
- uco_master:NetworkInterface
is_a: Entity
slot_usage:
hostname:
name: hostname
description: The hostname associated with the network interface.
recommended: true
ip:
name: ip
description: The IP address associated with the network interface.
recommended: true
mac:
name: mac
description: The MAC address of the network interface.
recommended: true
name:
name: name
description: The name of the network interface.
type:
name: type
description: The type of network interface.
type_id:
name: type_id
description: The network interface type identifier.
range: NetworkInterfaceTypeIdEnum
recommended: true
uid:
name: uid
description: The unique identifier for the network interface.
attributes:
hostname:
name: hostname
description: The hostname associated with the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hostname
rank: 1000
alias: hostname
owner: NetworkInterface
domain_of:
- Url
- ApplicationObject
- Databucket
- DnsQuery
- Endpoint
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: HostnameT
recommended: true
ip:
name: ip
description: The IP address associated with the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- IP Address
rank: 1000
alias: ip
owner: NetworkInterface
domain_of:
- Databucket
- Endpoint
- LoadBalancer
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: IpT
recommended: true
mac:
name: mac
description: The MAC address of the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- MAC Address
rank: 1000
alias: mac
owner: NetworkInterface
domain_of:
- Endpoint
- NetworkInterface
range: MacT
recommended: true
name:
name: name
description: The name of the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: NetworkInterface
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
namespace:
name: namespace
description: 'The namespace is useful in merger or acquisition situations. For
example, when
similar entities exist that you need to keep separate.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Namespace
rank: 1000
alias: namespace
owner: NetworkInterface
domain_of:
- Databucket
- NetworkInterface
- ResourceDetails
range: string
open_ports:
name: open_ports
description: 'The list of open ports on a network interface, including port numbers
and
associated protocol information.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Open Ports
rank: 1000
alias: open_ports
owner: NetworkInterface
domain_of:
- NetworkInterface
range: PortInfo
multivalued: true
subnet_prefix:
name: subnet_prefix
description: 'The subnet prefix length determines the number of bits used to represent
the
network part of the IP address. The remaining bits are reserved for identifying
individual hosts within that subnet.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Subnet Prefix Length
rank: 1000
alias: subnet_prefix
owner: NetworkInterface
domain_of:
- NetworkInterface
range: integer
type:
name: type
description: The type of network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: NetworkInterface
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
type_id:
name: type_id
annotations:
sibling:
tag: sibling
value: type
description: The network interface type identifier.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type ID
rank: 1000
alias: type_id
owner: NetworkInterface
domain_of:
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Account
- Agent
- Analytic
- AuthenticationToken
- Database
- Databucket
- DomainContact
- Endpoint
- File
- Ja4Fingerprint
- Kernel
- ManagedEntity
- NetworkEndpoint
- NetworkInterface
- PeripheralDevice
- Scan
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- Device
- DatastoreActivity
- RegValue
- WinResource
range: NetworkInterfaceTypeIdEnum
recommended: true
uid:
name: uid
description: The unique identifier for the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: NetworkInterface
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
rules:
- postconditions:
any_of:
- slot_conditions:
ip:
name: ip
required: true
- slot_conditions:
mac:
name: mac
required: true
- slot_conditions:
name:
name: name
required: true
- slot_conditions:
hostname:
name: hostname
required: true
- slot_conditions:
uid:
name: uid
required: true
description: 'OCSF at_least_one: at least one of [''ip'', ''mac'', ''name'', ''hostname'',
''uid'']
must be set.'