Slot: is_src_dst_assignment_known (DEPRECATED)
true denotes that src_endpoint and
dst_endpoint correctly identify the initiator and responder
respectively. false denotes that the event source has arbitrarily
assigned one peer to src_endpoint and the other to
dst_endpoint, in other words that initiator and responder are not
being asserted. This can occur, for example, when the event source is a network
appliance that has not observed the initiation of a given connection. In the
absence of this attribute, interpretation of the initiator and responder is
implementation-specific.
URI: ocsf:is_src_dst_assignment_known Alias: is_src_dst_assignment_known
Applicable Classes
| Name | Description | Modifies Slot |
|---|---|---|
| NetworkActivity | Network Activity events report network connection and traffic activity | yes |
Properties
Type and Range
| Property | Value |
|---|---|
| Range | Boolean |
| Domain Of | NetworkActivity |
Cardinality and Requirements
| Property | Value |
|---|---|
Aliases
- Source/Destination Assignment Known
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:is_src_dst_assignment_known |
| native | ocsf:is_src_dst_assignment_known |
LinkML Source
name: is_src_dst_assignment_known
description: '<code>true</code> denotes that <code>src_endpoint</code> and
<code>dst_endpoint</code> correctly identify the initiator and responder
respectively. <code>false</code> denotes that the event source has arbitrarily
assigned one peer to <code>src_endpoint</code> and the other to
<code>dst_endpoint</code>, in other words that initiator and responder are not
being asserted. This can occur, for example, when the event source is a network
appliance that has not observed the initiation of a given connection. In the
absence of this attribute, interpretation of the initiator and responder is
implementation-specific.'
deprecated: 'Use <code>initiator_id</code> instead, which provides richer semantics
for
bi-flow and asymmetric flow scenarios. (since 1.9.0)'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Source/Destination Assignment Known
rank: 1000
alias: is_src_dst_assignment_known
domain_of:
- NetworkActivity
range: boolean