- JSON representation
- Direction
- IpProtocol
- ApplicationProtocol
- Ftp
- Dns
- Question
- ResourceRecord
- Dhcp
- OpCode
- Option
- MessageType
- Http
- Family
- Annotation
- Tls
- Client
- Certificate
- Server
- Smtp
| JSON representation |
|---|
{ "sent_bytes": string, "received_bytes": string, "sent_packets": string, "received_packets": string, "session_duration": string, "session_id": string, "parent_session_id": string, "application_protocol_version": string, "community_id": string, "direction": enum ( |
| Fields | |
|---|---|
sent_bytes |
|
received_bytes |
|
sent_packets |
|
received_packets |
|
session_duration |
A duration in seconds with up to nine fractional digits, ending with ' |
session_id |
|
parent_session_id |
|
application_protocol_version |
|
community_id |
|
direction |
|
ip_protocol |
|
application_protocol |
|
ftp |
|
email |
|
dns |
|
dhcp |
|
http |
|
tls |
|
smtp |
|
asn |
|
dns_domain |
|
carrier_name |
|
organization_name |
|
ip_subnet_range |
|
Direction
| Enums | |
|---|---|
UNKNOWN_DIRECTION |
|
INBOUND |
|
OUTBOUND |
|
BROADCAST |
|
IpProtocol
| Enums | |
|---|---|
UNKNOWN_IP_PROTOCOL |
|
ICMP |
|
IGMP |
|
TCP |
|
UDP |
|
IP6IN4 |
|
GRE |
|
ESP |
|
ICMP6 |
|
EIGRP |
|
ETHERIP |
|
PIM |
|
VRRP |
|
SCTP |
|
ApplicationProtocol
| Enums | |
|---|---|
UNKNOWN_APPLICATION_PROTOCOL |
|
AFP |
|
APPC |
|
AMQP |
|
ATOM |
|
BEEP |
|
BITCOIN |
|
BIT_TORRENT |
|
CFDP |
|
CIP |
|
COAP |
|
COTP |
|
DCERPC |
|
DDS |
|
DEVICE_NET |
|
DHCP |
|
DICOM |
|
DNP3 |
|
DNS |
|
E_DONKEY |
|
ENRP |
|
FAST_TRACK |
|
FINGER |
|
FREENET |
|
FTAM |
|
GOOSE |
|
GOPHER |
|
GRPC |
|
HL7 |
|
H323 |
|
HTTP |
|
HTTPS |
|
IEC104 |
|
IRCP |
|
KADEMLIA |
|
KRB5 |
|
LDAP |
|
LPD |
|
MIME |
|
MMS |
|
MODBUS |
|
MQTT |
|
NETCONF |
|
NFS |
|
NIS |
|
NNTP |
|
NTCIP |
|
NTP |
|
OSCAR |
|
PNRP |
|
PTP |
|
QUIC |
|
RDP |
|
RELP |
|
RIP |
|
RLOGIN |
|
RPC |
|
RTMP |
|
RTP |
|
RTPS |
|
RTSP |
|
SAP |
|
SDP |
|
SIP |
|
SLP |
|
SMB |
|
SMTP |
|
SNMP |
|
SNTP |
|
SSH |
|
SSMS |
|
STYX |
|
SV |
|
TCAP |
|
TDS |
|
TOR |
|
TSP |
|
VTP |
|
WHOIS |
|
WEB_DAV |
|
X400 |
|
X500 |
|
XMPP |
|
Ftp
| JSON representation |
|---|
{ "command": string } |
| Fields | |
|---|---|
command |
|
| JSON representation |
|---|
{ "from": string, "reply_to": string, "to": [ string ], "cc": [ string ], "bcc": [ string ], "mail_id": string, "subject": [ string ], "bounce_address": string } |
| Fields | |
|---|---|
from |
|
reply_to |
|
to[] |
|
cc[] |
|
bcc[] |
|
mail_id |
|
subject[] |
|
bounce_address |
|
Dns
| JSON representation |
|---|
{ "id": integer, "response": boolean, "opcode": integer, "authoritative": boolean, "truncated": boolean, "recursion_desired": boolean, "recursion_available": boolean, "response_code": integer, "questions": [ { object ( |
| Fields | |
|---|---|
id |
|
response |
|
opcode |
|
authoritative |
|
truncated |
|
recursion_desired |
|
recursion_available |
|
response_code |
|
questions[] |
|
answers[] |
|
authority[] |
|
additional[] |
|
Question
| JSON representation |
|---|
{
"name": string,
"type": integer,
"class": integer,
"prevalence": {
object ( |
| Fields | |
|---|---|
name |
|
type |
|
class |
|
prevalence |
|
ResourceRecord
| JSON representation |
|---|
{ "name": string, "type": integer, "class": integer, "ttl": integer, "data": string, "binary_data": string } |
| Fields | |
|---|---|
name |
|
type |
|
class |
|
ttl |
|
data |
|
binary_data |
A base64-encoded string. |
Dhcp
| JSON representation |
|---|
{ "opcode": enum ( |
| Fields | |
|---|---|
opcode |
|
htype |
|
hlen |
|
hops |
|
transaction_id |
|
seconds |
|
flags |
|
ciaddr |
|
yiaddr |
|
siaddr |
|
giaddr |
|
chaddr |
|
sname |
|
file |
|
options[] |
|
type |
|
lease_time_seconds |
|
client_hostname |
|
client_identifier |
A base64-encoded string. |
requested_address |
|
OpCode
| Enums | |
|---|---|
UNKNOWN_OPCODE |
|
BOOTREQUEST |
|
BOOTREPLY |
|
Option
| JSON representation |
|---|
{ "code": integer, "data": string } |
| Fields | |
|---|---|
code |
|
data |
A base64-encoded string. |
MessageType
| Enums | |
|---|---|
UNKNOWN_MESSAGE_TYPE |
|
DISCOVER |
|
OFFER |
|
REQUEST |
|
DECLINE |
|
ACK |
|
NAK |
|
RELEASE |
|
INFORM |
|
WIN_DELETED |
|
WIN_EXPIRED |
|
Http
| JSON representation |
|---|
{ "method": string, "referral_url": string, "user_agent": string, "response_code": integer, "parsed_user_agent": { } } |
| Fields | |
|---|---|
method |
|
referral_url |
|
user_agent |
|
response_code |
|
parsed_user_agent |
|
Client
| JSON representation |
|---|
{
"certificate": {
object ( |
| Fields | |
|---|---|
certificate |
|
ja3 |
|
server_name |
|
supported_ciphers[] |
|
Certificate
| JSON representation |
|---|
{ "version": string, "serial": string, "subject": string, "issuer": string, "md5": string, "sha1": string, "sha256": string, "not_before": string, "not_after": string } |
| Fields | |
|---|---|
version |
|
serial |
|
subject |
|
issuer |
|
md5 |
|
sha1 |
|
sha256 |
|
not_before |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
not_after |
A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: |
Server
| JSON representation |
|---|
{
"certificate": {
object ( |
| Fields | |
|---|---|
certificate |
|
ja3s |
|
Smtp
| JSON representation |
|---|
{ "helo": string, "mail_from": string, "rcpt_to": [ string ], "server_response": [ string ], "message_path": string, "is_webmail": boolean, "is_tls": boolean } |
| Fields | |
|---|---|
helo |
|
mail_from |
|
rcpt_to[] |
|
server_response[] |
|
message_path |
|
is_webmail |
|
is_tls |
|