Slot: network_observation_point
The network endpoint that observes or inspects network traffic as a third-party
system, used when the observer is neither the source nor the destination of the
communication. Examples include network taps, span ports, inline security
devices, or packet capture systems.
URI: ocsf:network_observation_point
Alias: network_observation_point
Applicable Classes
| Name | Description | Modifies Slot |
|---|---|---|
| HttpActivity | HTTP Activity events report HTTP connection and traffic information | no |
| NtpActivity | The Network Time Protocol (NTP) Activity events report instances of remote | no |
| NetworkFileActivity | Network File Activity events report file activities traversing the network, | no |
| DnsActivity | DNS Activity events report DNS queries and answers as seen on the network | no |
| SmbActivity | Server Message Block (SMB) Protocol Activity events report client/server | no |
| SshActivity | SSH Activity events report remote client connections to a server using the | no |
| RdpActivity | Remote Desktop Protocol (RDP) Activity events report post-authentication remo... | no |
| NetworkEvent | Network event is a generic event that defines a set of attributes available i... | yes |
| TunnelActivity | Tunnel Activity events report secure tunnel establishment (such as VPN), | no |
| FtpActivity | File Transfer Protocol (FTP) Activity events report file transfers between a | no |
| NetworkActivity | Network Activity events report network connection and traffic activity | no |
| DhcpActivity | DHCP Activity events report MAC to IP assignment via DHCP from a client or | no |
Properties
Type and Range
| Property | Value |
|---|---|
| Range | NetworkEndpoint |
| Domain Of | NetworkEvent |
Cardinality and Requirements
| Property | Value |
|---|---|
Aliases
- Network Observation Point
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/ocsf
Mappings
| Mapping Type | Mapped Value |
|---|---|
| self | ocsf:network_observation_point |
| native | ocsf:network_observation_point |
LinkML Source
```yaml
name: network_observation_point
description: 'The network endpoint that observes or inspects network traffic as a
  third-party system, used when the observer is neither the source nor the destination
  of the communication. Examples include network taps, span ports, inline security
  devices, or packet capture systems.'
from_schema: https://w3id.org/lmodel/ocsf
aliases:
- Network Observation Point
rank: 1000
alias: network_observation_point
domain_of:
- NetworkEvent
range: NetworkEndpoint
```