Slot: connection_info
The network connection information.
URI: ocsf:connection_info
Alias: connection_info
Applicable Classes
| Name | Description | Modifies Slot |
| --- | --- | --- |
| HttpActivity | HTTP Activity events report HTTP connection and traffic information | no |
| NtpActivity | The Network Time Protocol (NTP) Activity events report instances of remote | no |
| UnmannedSystemsEvent | The Unmanned Systems event is a generic event that defines a set of attribute... | yes |
| DnsActivity | DNS Activity events report DNS queries and answers as seen on the network | yes |
| NetworkEvent | Network event is a generic event that defines a set of attributes available i... | yes |
| FtpActivity | File Transfer Protocol (FTP) Activity events report file transfers between a | no |
| AirborneBroadcastActivity | Airborne Broadcast Activity events report the activity of any aircraft or | no |
| NetworkFileActivity | Network File Activity events report file activities traversing the network, | yes |
| SmbActivity | Server Message Block (SMB) Protocol Activity events report client/server | no |
| RdpActivity | Remote Desktop Protocol (RDP) Activity events report post-authentication remo... | yes |
| NetworkActivity | Network Activity events report network connection and traffic activity | no |
| QueryEvidence | The specific resulting evidence information that was queried or discovered | yes |
| Evidences | A collection of evidence artifacts associated to the activity/activities that | yes |
| WindowsQueryEvidence | The resulting evidence information that was queried | no |
| SshActivity | SSH Activity events report remote client connections to a server using the | no |
| TunnelActivity | Tunnel Activity events report secure tunnel establishment (such as VPN), | yes |
| DroneFlightsActivity | Drone Flights Activity events report the activity of Unmanned Aerial Systems | no |
| NetworkConnectionQuery | Network Connection Query events report information about active network | yes |
| WindowsEvidences | Extends the evidences object to add Windows specific fields | no |
| NetworkRemediationActivity | Network Remediation Activity events report on attempts at remediating compute... | yes |
| FileHosting | File Hosting Activity events report the actions taken by file management | yes |
| DhcpActivity | DHCP Activity events report MAC to IP assignment via DHCP from a client or | no |
Properties
Type and Range
| Property | Value |
| --- | --- |
| Range | NetworkConnectionInfo |
| Domain Of | QueryEvidence, Evidences, FileHosting, NetworkConnectionQuery, NetworkEvent, DnsActivity, NetworkFileActivity, RdpActivity, TunnelActivity, NetworkRemediationActivity, UnmannedSystemsEvent |
Cardinality and Requirements
Aliases
Schema Source
Mappings
| Mapping Type | Mapped Value |
| --- | --- |
| self | ocsf:connection_info |
| native | ocsf:connection_info |
LinkML Source
name: connection_info
description: The network connection information.
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Connection Info
rank: 1000
alias: connection_info
domain_of:
- QueryEvidence
- Evidences
- FileHosting
- NetworkConnectionQuery
- NetworkEvent
- DnsActivity
- NetworkFileActivity
- RdpActivity
- TunnelActivity
- NetworkRemediationActivity
- UnmannedSystemsEvent
range: NetworkConnectionInfo