Class: NetworkProxy
The network proxy endpoint object describes a proxy server, which acts as an
intermediary between a client requesting a resource and the server providing
that resource.
URI: ocsf:NetworkProxy
classDiagram
class NetworkProxy
click NetworkProxy href "../NetworkProxy/"
NetworkEndpoint <|-- NetworkProxy
click NetworkEndpoint href "../NetworkEndpoint/"
NetworkProxy : agent_list
NetworkProxy --> "*" Agent : agent_list
click Agent href "../Agent/"
NetworkProxy : autonomous_system
NetworkProxy --> "0..1" AutonomousSystem : autonomous_system
click AutonomousSystem href "../AutonomousSystem/"
NetworkProxy : container
NetworkProxy --> "0..1 _recommended_" Container : container
click Container href "../Container/"
NetworkProxy : domain
NetworkProxy : fingerprints
NetworkProxy --> "*" Fingerprint : fingerprints
click Fingerprint href "../Fingerprint/"
NetworkProxy : hostname
NetworkProxy : hw_info
NetworkProxy --> "0..1" DeviceHwInfo : hw_info
click DeviceHwInfo href "../DeviceHwInfo/"
NetworkProxy : instance_uid
NetworkProxy : interface_name
NetworkProxy : interface_uid
NetworkProxy : intermediate_ips
NetworkProxy : ip
NetworkProxy : isp
NetworkProxy : isp_org
NetworkProxy : location
NetworkProxy --> "0..1" Location : location
click Location href "../Location/"
NetworkProxy : mac
NetworkProxy : mac_vendor
NetworkProxy : name
NetworkProxy : namespace_pid
NetworkProxy : network_scope
NetworkProxy : network_scope_id
NetworkProxy --> "0..1" NetworkScopeIdEnum : network_scope_id
click NetworkScopeIdEnum href "../NetworkScopeIdEnum/"
NetworkProxy : os
NetworkProxy --> "0..1" Os : os
click Os href "../Os/"
NetworkProxy : owner
NetworkProxy --> "0..1 _recommended_" User : owner
click User href "../User/"
NetworkProxy : pool
NetworkProxy --> "0..1" Group : pool
click Group href "../Group/"
NetworkProxy : port
NetworkProxy : proxy_endpoint
NetworkProxy --> "0..1" NetworkProxy : proxy_endpoint
click NetworkProxy href "../NetworkProxy/"
NetworkProxy : subnet_uid
NetworkProxy : svc_name
NetworkProxy : type
NetworkProxy : type_id
NetworkProxy --> "0..1 _recommended_" EndpointTypeIdEnum : type_id
click EndpointTypeIdEnum href "../EndpointTypeIdEnum/"
NetworkProxy : uid
NetworkProxy : vlan_uid
NetworkProxy : vpc_uid
NetworkProxy : zone
Inheritance
- OcsfObject
- Object
- Entity
- Endpoint [ ContainerProfile]
- NetworkEndpoint
- NetworkProxy
- NetworkEndpoint
- Endpoint [ ContainerProfile]
- Entity
- Object
Slots
| Name | Cardinality and Range | Description | Inheritance |
|---|---|---|---|
| autonomous_system | 0..1 AutonomousSystem |
The Autonomous System details associated with an IP address | NetworkEndpoint |
| fingerprints | * Fingerprint |
Fingerprints that identify the specific application implementation on this | NetworkEndpoint |
| intermediate_ips | * IpT |
The intermediate IP Addresses | NetworkEndpoint |
| isp | 0..1 String |
The name of the Internet Service Provider (ISP) | NetworkEndpoint |
| isp_org | 0..1 String |
The organization name of the Internet Service Provider (ISP) | NetworkEndpoint |
| network_scope | 0..1 String |
Indicates whether the endpoint resides inside the customer’s network, outside | NetworkEndpoint |
| network_scope_id | 0..1 NetworkScopeIdEnum |
The normalized identifier of the endpoint’s network scope | NetworkEndpoint |
| port | 0..1 recommended PortT |
The port used for communication within the network connection | NetworkEndpoint |
| proxy_endpoint | 0..1 NetworkProxy |
The network proxy information pertaining to a specific endpoint | NetworkEndpoint |
| svc_name | 0..1 recommended String |
The service name in service-to-service connections | NetworkEndpoint |
| type | 0..1 String |
The network endpoint type | Endpoint, NetworkEndpoint |
| type_id | 0..1 recommended EndpointTypeIdEnum |
The network endpoint type ID | Endpoint, NetworkEndpoint |
| uid | 0..1 recommended String |
The unique identifier of the endpoint | Endpoint, Entity, NetworkEndpoint |
| agent_list | * Agent |
A list of agent objects associated with a device, endpoint, or |
Endpoint |
| domain | 0..1 String |
The name of the domain that the endpoint belongs to or that corresponds to th... | Endpoint |
| hostname | 0..1 recommended HostnameT |
The fully qualified name of the endpoint | Endpoint |
| hw_info | 0..1 DeviceHwInfo |
The endpoint hardware information | Endpoint |
| instance_uid | 0..1 recommended String |
The unique identifier of a VM instance | Endpoint |
| interface_name | 0..1 recommended String |
The name of the network interface (e | Endpoint |
| interface_uid | 0..1 recommended String |
The unique identifier of the network interface | Endpoint |
| ip | 0..1 recommended IpT |
The IP address of the endpoint, in either IPv4 or IPv6 format | Endpoint |
| location | 0..1 Location |
The geographical location of the endpoint | Endpoint |
| mac | 0..1 MacT |
The Media Access Control (MAC) address of the endpoint | Endpoint |
| mac_vendor | 0..1 String |
The vendor or manufacturer of the endpoint's network interface controller | Endpoint |
| name | 0..1 recommended String |
The short name of the endpoint | Endpoint, Entity |
| os | 0..1 Os |
The endpoint operating system | Endpoint |
| owner | 0..1 recommended User |
The identity of the service or user account that owns the endpoint or was las... | Endpoint |
| pool | 0..1 Group |
The pool of desktops or virtual machines to which the endpoint belongs | Endpoint |
| subnet_uid | 0..1 String |
The unique identifier of a virtual subnet | Endpoint |
| vlan_uid | 0..1 String |
The Virtual LAN identifier | Endpoint |
| vpc_uid | 0..1 String |
The unique identifier of the Virtual Private Cloud (VPC) | Endpoint |
| zone | 0..1 String |
The network zone or LAN segment | Endpoint |
| container | 0..1 recommended Container |
The information describing an instance of a container | ContainerProfile |
| namespace_pid | 0..1 recommended Integer |
If running under a process namespace (such as in a container), the process | ContainerProfile |
Usages
In Subsets
Aliases
- Network Proxy Endpoint
See Also
Notes
- D3FEND™ Ontology d3f:ProxyServer — https://d3fend.mitre.org/dao/artifact/d3f:ProxyServer/
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:NetworkProxy |
| native | ocsf:NetworkProxy |
LinkML Source
Direct
name: NetworkProxy
description: 'The network proxy endpoint object describes a proxy server, which acts
as an
intermediary between a client requesting a resource and the server providing
that resource.'
notes:
- 'D3FEND™ Ontology d3f:ProxyServer —
https://d3fend.mitre.org/dao/artifact/d3f:ProxyServer/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:ProxyServer/
aliases:
- Network Proxy Endpoint
is_a: NetworkEndpoint
Induced
name: NetworkProxy
description: 'The network proxy endpoint object describes a proxy server, which acts
as an
intermediary between a client requesting a resource and the server providing
that resource.'
notes:
- 'D3FEND™ Ontology d3f:ProxyServer —
https://d3fend.mitre.org/dao/artifact/d3f:ProxyServer/'
in_subset:
- objects_subset
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://d3fend.mitre.org/dao/artifact/d3f:ProxyServer/
aliases:
- Network Proxy Endpoint
is_a: NetworkEndpoint
attributes:
autonomous_system:
name: autonomous_system
description: The Autonomous System details associated with an IP address.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Autonomous System
rank: 1000
alias: autonomous_system
owner: NetworkProxy
domain_of:
- Osint
- Whois
- NetworkEndpoint
range: AutonomousSystem
fingerprints:
name: fingerprints
description: 'Fingerprints that identify the specific application implementation
on this
endpoint, such as Cisco NPF or HASSH.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Fingerprints
rank: 1000
alias: fingerprints
owner: NetworkProxy
domain_of:
- Certificate
- NetworkEndpoint
range: Fingerprint
multivalued: true
intermediate_ips:
name: intermediate_ips
description: 'The intermediate IP Addresses. For example, the IP addresses in
the HTTP
X-Forwarded-For header.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Intermediate IP Addresses
rank: 1000
alias: intermediate_ips
owner: NetworkProxy
domain_of:
- NetworkEndpoint
range: IpT
multivalued: true
isp:
name: isp
description: The name of the Internet Service Provider (ISP).
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- ISP Name
rank: 1000
alias: isp
owner: NetworkProxy
domain_of:
- Whois
- Location
- NetworkEndpoint
range: string
isp_org:
name: isp_org
description: 'The organization name of the Internet Service Provider (ISP). This
represents
the parent organization or company that owns/operates the ISP. For example,
Comcast Corporation would be the ISP org for Xfinity internet service. This
attribute helps identify the ultimate provider when ISPs operate under
different brand names.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- ISP Org
rank: 1000
alias: isp_org
owner: NetworkProxy
domain_of:
- Whois
- NetworkEndpoint
range: string
network_scope:
name: network_scope
description: 'Indicates whether the endpoint resides inside the customer’s network,
outside
on the Internet, or if its location relative to the customer’s network cannot
be determined. The value is normalized to the caption of the
<code>network_scope_id</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Scope
rank: 1000
alias: network_scope
owner: NetworkProxy
domain_of:
- NetworkEndpoint
range: string
network_scope_id:
name: network_scope_id
annotations:
sibling:
tag: sibling
value: network_scope
description: 'The normalized identifier of the endpoint’s network scope. The normalized
network scope identifier indicates whether the endpoint resides inside the
customer’s network, outside on the Internet, or if its location relative to
the
customer’s network cannot be determined.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Scope ID
rank: 1000
alias: network_scope_id
owner: NetworkProxy
domain_of:
- NetworkEndpoint
range: NetworkScopeIdEnum
port:
name: port
description: The port used for communication within the network connection.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Port
rank: 1000
alias: port
owner: NetworkProxy
domain_of:
- PortInfo
- Url
- NetworkEndpoint
- FtpActivity
range: PortT
recommended: true
proxy_endpoint:
name: proxy_endpoint
description: 'The network proxy information pertaining to a specific endpoint.
This can be
used to describe information pertaining to network address translation (NAT).'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Proxy Endpoint
rank: 1000
alias: proxy_endpoint
owner: NetworkProxy
domain_of:
- NetworkEndpoint
- NetworkProxyProfile
- UnmannedSystemsEvent
range: NetworkProxy
svc_name:
name: svc_name
description: 'The service name in service-to-service connections. For example,
AWS VPC logs
the pkt-src-aws-service and pkt-dst-aws-service fields identify the connection
is coming from or going to an AWS service.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Service Name
rank: 1000
alias: svc_name
owner: NetworkProxy
domain_of:
- NetworkEndpoint
- WinResource
range: string
recommended: true
type:
name: type
description: 'The network endpoint type. For example: <code>unknown</code>,
<code>server</code>, <code>desktop</code>, <code>laptop</code>,
<code>tablet</code>, <code>mobile</code>, <code>virtual</code>,
<code>browser</code>, or <code>other</code>.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type
rank: 1000
alias: type
owner: NetworkProxy
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- ProgrammaticCredential
- RelatedEvent
- San
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Dns
- Resource
- Account
- Agent
- Analytic
- ApplicationObject
- AuthenticationToken
- ClassifierDetails
- Cve
- Database
- Databucket
- DiscoveryDetails
- DnsAnswer
- DomainContact
- EncryptionDetails
- Endpoint
- Enrichment
- File
- Graph
- Group
- Ja4Fingerprint
- Kernel
- ManagedEntity
- Metadata
- Module
- NetworkEndpoint
- NetworkInterface
- Node
- PeripheralDevice
- Policy
- Rule
- Scan
- Trait
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- WebResource
- Device
- DatastoreActivity
- FtpActivity
- RegValue
- WinResource
range: string
type_id:
name: type_id
annotations:
sibling:
tag: sibling
value: type
description: The network endpoint type ID.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Type ID
rank: 1000
alias: type_id
owner: NetworkProxy
domain_of:
- Observable
- Os
- Osint
- Package
- PrivilegeInfo
- Sbom
- Script
- SoftwareComponent
- StartupItem
- ThreatActor
- Ticket
- Timespan
- TlsExtension
- Token
- Account
- Agent
- Analytic
- AuthenticationToken
- Database
- Databucket
- DomainContact
- Endpoint
- File
- Ja4Fingerprint
- Kernel
- ManagedEntity
- NetworkEndpoint
- NetworkInterface
- PeripheralDevice
- Scan
- UnmannedAerialSystem
- UnmannedSystemOperatingArea
- User
- Device
- DatastoreActivity
- RegValue
- WinResource
range: EndpointTypeIdEnum
recommended: true
uid:
name: uid
description: The unique identifier of the endpoint.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Unique ID
rank: 1000
alias: uid
owner: NetworkProxy
domain_of:
- Osint
- Package
- ProgrammaticCredential
- RelatedEvent
- Request
- Sbom
- Scim
- Script
- Session
- Span
- Sso
- Ticket
- Token
- Trace
- Entity
- Resource
- Account
- Advisory
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- Certificate
- Check
- ClassifierDetails
- Container
- Cve
- Cwe
- D3fTactic
- D3fTechnique
- DataClassification
- Database
- Databucket
- DomainContact
- Edge
- Email
- Endpoint
- Evidences
- Extension
- Feature
- File
- FindingObject
- FindingInfo
- Graph
- Group
- HttpRequest
- Idp
- Image
- KbArticle
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metadata
- Mitigation
- NetworkConnectionInfo
- NetworkEndpoint
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- WinResource
range: string
recommended: true
agent_list:
name: agent_list
description: 'A list of <code>agent</code> objects associated with a device, endpoint,
or
resource.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Agent List
rank: 1000
alias: agent_list
owner: NetworkProxy
domain_of:
- Databucket
- Endpoint
- ResourceDetails
range: Agent
multivalued: true
domain:
name: domain
description: 'The name of the domain that the endpoint belongs to or that corresponds
to the
endpoint.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Domain
rank: 1000
alias: domain
owner: NetworkProxy
domain_of:
- Url
- Whois
- Endpoint
- Group
- HttpCookie
- Idp
- User
- Device
range: string
hostname:
name: hostname
description: The fully qualified name of the endpoint.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hostname
rank: 1000
alias: hostname
owner: NetworkProxy
domain_of:
- Url
- ApplicationObject
- Databucket
- DnsQuery
- Endpoint
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: HostnameT
recommended: true
hw_info:
name: hw_info
description: The endpoint hardware information.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Hardware Info
rank: 1000
alias: hw_info
owner: NetworkProxy
domain_of:
- Endpoint
- UnmannedAerialSystem
range: DeviceHwInfo
instance_uid:
name: instance_uid
description: The unique identifier of a VM instance.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Instance ID
rank: 1000
alias: instance_uid
owner: NetworkProxy
domain_of:
- Endpoint
range: string
recommended: true
interface_name:
name: interface_name
description: The name of the network interface (e.g. eth2).
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Interface Name
rank: 1000
alias: interface_name
owner: NetworkProxy
domain_of:
- Endpoint
range: string
recommended: true
interface_uid:
name: interface_uid
description: The unique identifier of the network interface.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Interface ID
rank: 1000
alias: interface_uid
owner: NetworkProxy
domain_of:
- Endpoint
range: string
recommended: true
ip:
name: ip
description: The IP address of the endpoint, in either IPv4 or IPv6 format.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- IP Address
rank: 1000
alias: ip
owner: NetworkProxy
domain_of:
- Databucket
- Endpoint
- LoadBalancer
- NetworkInterface
- Reporter
- ResourceDetails
- Device
range: IpT
recommended: true
location:
name: location
description: The geographical location of the endpoint.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Geo Location
rank: 1000
alias: location
owner: NetworkProxy
domain_of:
- Osint
- Aircraft
- DomainContact
- Endpoint
- LdapPerson
- ManagedEntity
- UnmannedAerialSystem
- Device
range: Location
mac:
name: mac
description: The Media Access Control (MAC) address of the endpoint.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- MAC Address
rank: 1000
alias: mac
owner: NetworkProxy
domain_of:
- Endpoint
- NetworkInterface
range: MacT
mac_vendor:
name: mac_vendor
description: 'The vendor or manufacturer of the endpoint''s network interface
controller
(NIC), as identified from the MAC address.'
notes:
- 'IEEE Registration Authority —
https://standards.ieee.org/products-programs/regauth/'
from_schema: https://w3id.org/lmodel/ocsf
see_also:
- https://standards.ieee.org/products-programs/regauth/
aliases:
- MAC Vendor
rank: 1000
alias: mac_vendor
owner: NetworkProxy
domain_of:
- Endpoint
range: string
name:
name: name
description: The short name of the endpoint.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Name
rank: 1000
alias: name
owner: NetworkProxy
domain_of:
- AnalysisTarget
- Observable
- Os
- Osint
- Package
- Parameter
- PrivilegeInfo
- San
- Scim
- Script
- ServicePrivilegeAnalysis
- SoftwareComponent
- Sso
- StartupItem
- ThreatActor
- Token
- Entity
- Resource
- Account
- Agent
- AiModel
- Aircraft
- Analytic
- ApplicationObject
- Assessment
- AutonomousSystem
- Campaign
- Check
- CisBenchmark
- CisBenchmarkResult
- CisControl
- ClassifierDetails
- Container
- D3fTactic
- D3fTechnique
- Database
- Databucket
- DomainContact
- Edge
- Endpoint
- Enrichment
- EnvironmentVariable
- Evidences
- Extension
- Feature
- File
- Graph
- Group
- HttpCookie
- HttpHeader
- Idp
- Image
- Job
- Kernel
- KeyValueObject
- LoadBalancer
- Logger
- Malware
- ManagedEntity
- MessageContext
- Metric
- Mitigation
- NetworkInterface
- Node
- Organization
- PeripheralDevice
- Policy
- ProcessEntity
- Product
- QueryInfo
- Reporter
- ResourceDetails
- Rule
- Scan
- Service
- SubTechnique
- Table
- Tactic
- Technique
- Trait
- TransformationInfo
- UnmannedAerialSystem
- User
- WebResource
- Device
- FtpActivity
- RegValue
- WinResource
- WinService
- PrefetchQuery
range: string
recommended: true
os:
name: os
description: The endpoint operating system.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- OS
rank: 1000
alias: os
owner: NetworkProxy
domain_of:
- Advisory
- Endpoint
- KbArticle
range: Os
owner:
name: owner
description: 'The identity of the service or user account that owns the endpoint
or was last
logged into it.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Owner
rank: 1000
alias: owner
owner: NetworkProxy
domain_of:
- AffectedCode
- ApplicationObject
- Databucket
- Endpoint
- File
- ResourceDetails
range: User
recommended: true
pool:
name: pool
description: The pool of desktops or virtual machines to which the endpoint belongs.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Pool
rank: 1000
alias: pool
owner: NetworkProxy
domain_of:
- Endpoint
range: Group
subnet_uid:
name: subnet_uid
description: The unique identifier of a virtual subnet.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Subnet UID
rank: 1000
alias: subnet_uid
owner: NetworkProxy
domain_of:
- Endpoint
range: string
vlan_uid:
name: vlan_uid
description: The Virtual LAN identifier.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- VLAN
rank: 1000
alias: vlan_uid
owner: NetworkProxy
domain_of:
- Endpoint
range: string
vpc_uid:
name: vpc_uid
description: The unique identifier of the Virtual Private Cloud (VPC).
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- VPC UID
rank: 1000
alias: vpc_uid
owner: NetworkProxy
domain_of:
- Endpoint
range: string
zone:
name: zone
description: The network zone or LAN segment.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Zone
rank: 1000
alias: zone
owner: NetworkProxy
domain_of:
- Token
- Cloud
- Databucket
- Endpoint
- ResourceDetails
range: string
container:
name: container
annotations:
group:
tag: group
value: context
description: 'The information describing an instance of a container. A container
is a
prepackaged, portable system image that runs isolated on an existing system
using a container runtime like containerd.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Container
rank: 1000
alias: container
owner: NetworkProxy
domain_of:
- Evidences
- ContainerProfile
- CloudResourcesInventoryInfo
range: Container
recommended: true
namespace_pid:
name: namespace_pid
annotations:
group:
tag: group
value: context
description: 'If running under a process namespace (such as in a container), the
process
identifier within that process namespace.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Namespace PID
rank: 1000
alias: namespace_pid
owner: NetworkProxy
domain_of:
- ContainerProfile
range: integer
recommended: true