Enum: PacketSourceIdEnum
A normalized numeric identifier that specifies how the packet was obtained or
generated.
Permissible Values
| Value | Meaning | Description |
|---|---|---|
| UNKNOWN | None | The packet source is unknown |
| WIRE | None | The packet was captured directly from a network interface |
| STREAM | None | The packet was reconstructed or derived from a stream of packets |
| DECODER | None | The packet was generated or extracted by a protocol decoder or analysis engine |
| TAP | None | The packet was captured from a physical network Test Access Point (TAP) device used for passive monitoring |
| SPAN | None | The packet was captured from a switch Switched Port Analyzer (SPAN) or mirror port |
| ENDPOINT | None | The packet was captured by a host-based agent or endpoint detection and response (EDR) sensor |
| VIRTUAL | None | The packet was captured from a virtual network interface, virtual switch, or container network |
| OTHER | None | The packet source is not mapped |
Slots
| Name | Description |
|---|---|
| source_id | A normalized numeric identifier that specifies how the packet was obtained or generated |
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
LinkML Source
```yaml
name: PacketSourceIdEnum
description: 'A normalized numeric identifier that specifies how the packet was obtained
  or
  generated.'
from_schema: https://w3id.org/lmodel/ocsf
rank: 1000
permissible_values:
  UNKNOWN:
    text: UNKNOWN
    description: The packet source is unknown.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '0'
      caption:
        tag: caption
        value: Unknown
  WIRE:
    text: WIRE
    description: The packet was captured directly from a network interface.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '1'
      caption:
        tag: caption
        value: Wire
  STREAM:
    text: STREAM
    description: The packet was reconstructed or derived from a stream of packets.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '2'
      caption:
        tag: caption
        value: Stream
  DECODER:
    text: DECODER
    description: The packet was generated or extracted by a protocol decoder or analysis
      engine.
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '3'
      caption:
        tag: caption
        value: Decoder
  TAP:
    text: TAP
    description: 'The packet was captured from a physical network Test Access Point
      (TAP) device
      used for passive monitoring.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '4'
      caption:
        tag: caption
        value: TAP
  SPAN:
    text: SPAN
    description: 'The packet was captured from a switch Switched Port Analyzer (SPAN)
      or mirror
      port.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '5'
      caption:
        tag: caption
        value: SPAN
  ENDPOINT:
    text: ENDPOINT
    description: 'The packet was captured by a host-based agent or endpoint detection
      and
      response (EDR) sensor.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '6'
      caption:
        tag: caption
        value: Endpoint
  VIRTUAL:
    text: VIRTUAL
    description: 'The packet was captured from a virtual network interface, virtual
      switch, or
      container network.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '7'
      caption:
        tag: caption
        value: Virtual
  OTHER:
    text: OTHER
    description: 'The packet source is not mapped. Refer to the <code>source</code>
      field for the
      original source-specific value.'
    annotations:
      ocsf_uid:
        tag: ocsf_uid
        value: '99'
      caption:
        tag: caption
        value: Other
```