Network log
Normalized schema for the network connection logs that Genian EDR collects. Each connection event is mapped to the fields below; the type column gives the normalized type a query can rely on (IP fields are parsed addresses, INT/LONG fields are numeric, DATE fields are timestamps), and the display name is the label shown in the UI.
| Type | Field | Display Name |
|---|---|---|
| DATE | _time | Time |
| STRING | event_type | Event type |
| STRING | event_subtype | Event subtype |
| INT | important | Importance level |
| IP | host_ip | Host IP |
| STRING | nt_domain | NT domain |
| STRING | hostname | Hostname |
| STRING | tag | Tag |
| STRING | image | Process name |
| STRING | image_path | Process path |
| STRING | direction | Direction |
| IP | local_ip | Local IP |
| INT | local_port | Local port |
| IP | remote_ip | Remote IP |
| INT | remote_port | Remote port |
| STRING | protocol | Protocol |
| INT | is_connected | Is connected |
| LONG | sent_bytes | Sent bytes |
| LONG | rcvd_bytes | Received bytes |
| INT | conn_count | Connection count |
| INT | disconn_count | Disconnection count |
| INT | disconn_flag | Disconnection flag |
| DATE | disconn_time | Disconnection time |
| STRING | logon_id | Logon ID |
| INT | pid | PID |
| STRING | pguid | Process GUID |
| STRING | device_id | Device ID |
| LONG | event_seq | Event sequence |
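The following Python is an added example, not Genian EDR or Logpresso code. It type-checks raw collector records against the schema in the table above (rejecting unknown fields and out-of-range INT/LONG values), then runs a small exfiltration triage over them: total `sent_bytes` per (host, process path, public remote IP) for established outbound flows. Assumptions not stated on this page: DATE values arrive as ISO 8601 strings, `direction` is the string `outbound` for outbound flows, and `is_connected` is `1` for an established connection; the sample records are constructed.

```python
"""Added example, not Genian EDR or Logpresso code: type-check records against
the normalized network-log schema above, then triage outbound traffic."""
import ipaddress
from datetime import datetime

# Field -> type, copied from the schema table on this page.
SCHEMA = {
    "_time": "DATE", "event_type": "STRING", "event_subtype": "STRING",
    "important": "INT", "host_ip": "IP", "nt_domain": "STRING",
    "hostname": "STRING", "tag": "STRING", "image": "STRING",
    "image_path": "STRING", "direction": "STRING", "local_ip": "IP",
    "local_port": "INT", "remote_ip": "IP", "remote_port": "INT",
    "protocol": "STRING", "is_connected": "INT", "sent_bytes": "LONG",
    "rcvd_bytes": "LONG", "conn_count": "INT", "disconn_count": "INT",
    "disconn_flag": "INT", "disconn_time": "DATE", "logon_id": "STRING",
    "pid": "INT", "pguid": "STRING", "device_id": "STRING",
    "event_seq": "LONG",
}

INT_BITS = {"INT": 32, "LONG": 64}


def _coerce(ftype, value):
    """Coerce one raw string value to its schema type; empty string means null."""
    if value is None or value == "":
        return None
    if ftype in INT_BITS:
        n = int(value)
        limit = 1 << (INT_BITS[ftype] - 1)
        if not -limit <= n < limit:
            raise ValueError(f"{ftype} out of range: {n}")
        return n
    if ftype == "IP":
        return ipaddress.ip_address(value)
    if ftype == "DATE":
        # Assumption: DATE values arrive as ISO 8601 strings.
        return datetime.fromisoformat(value)
    return str(value)


def normalize(raw):
    """Return a typed record with every schema field present. Unknown keys are
    rejected so a renamed upstream field fails loudly instead of vanishing."""
    unknown = set(raw) - set(SCHEMA)
    if unknown:
        raise KeyError(f"fields not in schema: {sorted(unknown)}")
    return {f: _coerce(t, raw.get(f)) for f, t in SCHEMA.items()}


def outbound_bytes_by_process(records, min_bytes=0):
    """Sum sent_bytes of established outbound flows to public addresses, keyed
    by (hostname, image_path, remote_ip). Assumes direction == "outbound" and
    is_connected == 1 mark an established outbound flow (the page does not
    list the possible values)."""
    totals = {}
    for r in records:
        if (r["direction"] or "").lower() != "outbound" or r["is_connected"] != 1:
            continue
        if r["remote_ip"] is None or not r["remote_ip"].is_global:
            continue  # private/reserved peers are not exfiltration candidates
        key = (r["hostname"], r["image_path"], str(r["remote_ip"]))
        totals[key] = totals.get(key, 0) + (r["sent_bytes"] or 0)
    return {k: v for k, v in totals.items() if v >= min_bytes}


def _rec(**overrides):
    """Constructed sample record (all strings, as a raw collector would deliver)."""
    base = {"_time": "2024-05-01T09:00:00+00:00", "event_type": "network",
            "event_subtype": "connect", "important": "1", "host_ip": "10.0.0.5",
            "nt_domain": "CORP", "hostname": "ws01", "tag": "", "image": "chrome.exe",
            "image_path": "C:\\Program Files\\Google\\Chrome\\chrome.exe",
            "direction": "outbound", "local_ip": "10.0.0.5", "local_port": "52110",
            "remote_ip": "5.6.7.8", "remote_port": "443", "protocol": "tcp",
            "is_connected": "1", "sent_bytes": "1200", "rcvd_bytes": "58000",
            "conn_count": "1", "disconn_count": "0", "disconn_flag": "0",
            "disconn_time": "", "logon_id": "0x3e7", "pid": "4120",
            "pguid": "guid-1", "device_id": "dev-01", "event_seq": "1001"}
    base.update(overrides)
    return base


# Constructed sample input: one browser flow, one bulk upload from a binary in
# a user-writable path, and three flows the triage should ignore.
SAMPLE = [
    _rec(),
    _rec(image="ps.exe", image_path="C:\\Users\\Public\\ps.exe", pid="7788",
         remote_ip="9.10.11.12", sent_bytes="5000000", rcvd_bytes="300",
         event_seq="1002"),
    _rec(direction="inbound", remote_ip="10.0.0.7", event_seq="1003"),
    _rec(remote_ip="10.0.0.9", event_seq="1004"),
    _rec(is_connected="0", sent_bytes="0", event_seq="1005"),
]

if __name__ == "__main__":
    typed = [normalize(r) for r in SAMPLE]
    for key, total in outbound_bytes_by_process(typed, min_bytes=1_000_000).items():
        print(key, total)
```

Rejecting unknown keys in `normalize` is deliberate: when an agent upgrade renames a field, a permissive parser silently drops it and every query on that field returns nothing, so failing at ingest is the safer default. The `min_bytes` threshold is a triage knob, not a detection rule; pair it with an allowlist of known-good `image_path` values before alerting on it.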