trellix-nx-flows
Fetch the network flows associated with an alert from Trellix Network Security (NX) devices
trellix-nx-flows field=FIELD
- field=FIELD
 - Name of the input field that holds the alert UUID used to look up the flows
 
Output Fields
| Field | Type | Name | Description | 
|---|---|---|---|
| _time | Date | Time | Flow time | 
| _profile | String | Connect profile | |
| uuid | String | Alert UUID | |
| id | Integer | Flow ID | |
| vlan | Integer | VLAN ID | |
| src_ip | IP address | Source IP address | |
| src_port | Integer | Source port | |
| dst_ip | IP address | Destination IP address | |
| dst_port | Integer | Destination port | |
| protocol | String | Protocol | |
| event_type | String | Event type | dns, tls, flow, http, fileinfo | 
| tls_sni | String | TLS SNI | |
| file_name | String | File name | |
| file_size | Long | File size | |
| md5 | String | MD5 | |
| http_status | Integer | HTTP status | |
| http_method | String | HTTP method | e.g. GET, POST | 
| http_host | String | HTTP host | |
| http_url | String | HTTP URI | |
| dns_type | String | DNS packet type | query or answer | 
| dns_rr_type | String | DNS resource type | e.g. A, CNAME, MX | 
| dns_rr_name | String | DNS resource name | Resource record name (domain) | 
| smb_command | String | SMB command | e.g. Tree Connect, Session Setup, Session Logoff | 
| smb_pid | Integer | SMB process ID | |
| smb_path | String | SMB file path | |
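
Rows with the fields above are most useful once they are grouped per alert and the pivotable values (domains, hashes, requested URIs, SMB paths) are pulled out of whichever event types populate them. The following is an added Python example, not code from the Logpresso or Trellix documentation; it assumes each flow has been exported as a dict keyed by the output field names in the table, and the sample rows are constructed for illustration rather than captured from a real NX device.

```python
"""Per-alert summary of trellix-nx-flows rows (added example, not project code).

Assumption: each row is a dict whose keys are the output field names listed in
the table above (_time, uuid, id, event_type, dns_rr_name, tls_sni, http_host,
http_url, md5, smb_path, ...). Which fields are populated depends on event_type,
so the code keys off field presence rather than event_type.
"""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample rows (not real data). Deliberately out of time order so the
# sort in flows_for_alert is exercised.
SAMPLE_FLOWS = [
    {"_time": "2024-05-01T10:00:02", "uuid": "a1", "id": 2, "event_type": "tls",
     "src_ip": "10.0.0.5", "src_port": 51001, "dst_ip": "203.0.113.7", "dst_port": 443,
     "protocol": "tcp", "tls_sni": "update.example.net"},
    {"_time": "2024-05-01T10:00:01", "uuid": "a1", "id": 1, "event_type": "dns",
     "src_ip": "10.0.0.5", "src_port": 51000, "dst_ip": "10.0.0.53", "dst_port": 53,
     "protocol": "udp", "dns_type": "query", "dns_rr_type": "A",
     "dns_rr_name": "update.example.net."},
    {"_time": "2024-05-01T10:00:03", "uuid": "a1", "id": 3, "event_type": "http",
     "src_ip": "10.0.0.5", "src_port": 51002, "dst_ip": "203.0.113.7", "dst_port": 80,
     "protocol": "tcp", "http_method": "GET", "http_host": "update.example.net",
     "http_url": "/x.bin", "http_status": 200},
    {"_time": "2024-05-01T10:00:04", "uuid": "a1", "id": 4, "event_type": "fileinfo",
     "src_ip": "203.0.113.7", "src_port": 80, "dst_ip": "10.0.0.5", "dst_port": 51002,
     "protocol": "tcp", "file_name": "x.bin", "file_size": 4096,
     "md5": "D41D8CD98F00B204E9800998ECF8427E"},
    {"_time": "2024-05-01T10:00:05", "uuid": "b2", "id": 5, "event_type": "flow",
     "src_ip": "10.0.0.9", "src_port": 40001, "dst_ip": "10.0.0.10", "dst_port": 445,
     "protocol": "tcp"},
]

# Fields that carry a hostname-like indicator, whatever the event type.
DOMAIN_FIELDS = ("dns_rr_name", "tls_sni", "http_host")


def flows_for_alert(flows, alert_uuid):
    """Return the flows for one alert UUID, ordered by _time and then flow id."""
    rows = [f for f in flows if f.get("uuid") == alert_uuid]
    return sorted(rows, key=lambda f: (datetime.fromisoformat(f["_time"]), f.get("id", 0)))


def indicators(flows):
    """Collect de-duplicated, sorted indicators from flow rows; absent fields are skipped."""
    found = defaultdict(set)
    for f in flows:
        for field in DOMAIN_FIELDS:
            if f.get(field):
                # Normalise case and a trailing dot so DNS, SNI and Host values match.
                found["domains"].add(f[field].lower().rstrip("."))
        if f.get("http_host") and f.get("http_url"):
            found["http_requests"].add(f"{f.get('http_method', '?')} {f['http_host']}{f['http_url']}")
        if f.get("md5"):
            found["md5"].add(f["md5"].lower())
        if f.get("dst_ip"):
            found["dst_endpoints"].add(f"{f['dst_ip']}:{f.get('dst_port', '')}")
        if f.get("smb_path"):
            found["smb_paths"].add(f["smb_path"])
    return {kind: sorted(values) for kind, values in found.items()}


def summarize(flows):
    """Group rows by alert UUID: row count, event_type breakdown, time span, indicators."""
    by_uuid = defaultdict(list)
    for f in flows:
        if f.get("uuid"):
            by_uuid[f["uuid"]].append(f)
    summary = {}
    for alert_uuid, rows in by_uuid.items():
        ordered = flows_for_alert(rows, alert_uuid)
        summary[alert_uuid] = {
            "count": len(ordered),
            "event_types": dict(Counter(r.get("event_type", "unknown") for r in ordered)),
            "first": ordered[0]["_time"],
            "last": ordered[-1]["_time"],
            "indicators": indicators(ordered),
        }
    return summary


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_FLOWS), indent=2))
```

The summary keys off field presence rather than event_type on purpose: the table documents which values an event type can carry, but a row missing a field (for example an http row without http_status) should not break the pivot.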