Network

JSON representation
{
  "sent_bytes": string,
  "received_bytes": string,
  "sent_packets": string,
  "received_packets": string,
  "session_duration": string,
  "session_id": string,
  "parent_session_id": string,
  "application_protocol_version": string,
  "community_id": string,
  "direction": enum (Direction),
  "ip_protocol": enum (IpProtocol),
  "application_protocol": enum (ApplicationProtocol),
  "ftp": {
    object (Ftp)
  },
  "email": {
    object (Email)
  },
  "dns": {
    object (Dns)
  },
  "dhcp": {
    object (Dhcp)
  },
  "http": {
    object (Http)
  },
  "tls": {
    object (Tls)
  },
  "smtp": {
    object (Smtp)
  },
  "asn": string,
  "dns_domain": string,
  "carrier_name": string,
  "organization_name": string,
  "ip_subnet_range": string
}
Fields
sent_bytes

string

received_bytes

string

sent_packets

string (int64 format)

received_packets

string (int64 format)

session_duration

string (Duration format)

A duration in seconds with up to nine fractional digits, ending with 's'. Example: "3.5s".

session_id

string

parent_session_id

string

application_protocol_version

string

community_id

string

direction

enum (Direction)

ip_protocol

enum (IpProtocol)

application_protocol

enum (ApplicationProtocol)

ftp

object (Ftp)

email

object (Email)

dns

object (Dns)

dhcp

object (Dhcp)

http

object (Http)

tls

object (Tls)

smtp

object (Smtp)

asn

string

dns_domain

string

carrier_name

string

organization_name

string

ip_subnet_range

string

Direction

Enums
UNKNOWN_DIRECTION
INBOUND
OUTBOUND
BROADCAST

IpProtocol

Enums
UNKNOWN_IP_PROTOCOL
ICMP
IGMP
TCP
UDP
IP6IN4
GRE
ESP
ICMP6
EIGRP
ETHERIP
PIM
VRRP
SCTP

ApplicationProtocol

Enums
UNKNOWN_APPLICATION_PROTOCOL
AFP
APPC
AMQP
ATOM
BEEP
BITCOIN
BIT_TORRENT
CFDP
CIP
COAP
COTP
DCERPC
DDS
DEVICE_NET
DHCP
DICOM
DNP3
DNS
E_DONKEY
ENRP
FAST_TRACK
FINGER
FREENET
FTAM
GOOSE
GOPHER
GRPC
HL7
H323
HTTP
HTTPS
IEC104
IRCP
KADEMLIA
KRB5
LDAP
LPD
MIME
MMS
MODBUS
MQTT
NETCONF
NFS
NIS
NNTP
NTCIP
NTP
OSCAR
PNRP
PTP
QUIC
RDP
RELP
RIP
RLOGIN
RPC
RTMP
RTP
RTPS
RTSP
SAP
SDP
SIP
SLP
SMB
SMTP
SNMP
SNTP
SSH
SSMS
STYX
SV
TCAP
TDS
TOR
TSP
VTP
WHOIS
WEB_DAV
X400
X500
XMPP

Ftp

JSON representation
{
  "command": string
}
Fields
command

string

Email

JSON representation
{
  "from": string,
  "reply_to": string,
  "to": [
    string
  ],
  "cc": [
    string
  ],
  "bcc": [
    string
  ],
  "mail_id": string,
  "subject": [
    string
  ],
  "bounce_address": string
}
Fields
from

string

reply_to

string

to[]

string

cc[]

string

bcc[]

string

mail_id

string

subject[]

string

bounce_address

string

Dns

JSON representation
{
  "id": integer,
  "response": boolean,
  "opcode": integer,
  "authoritative": boolean,
  "truncated": boolean,
  "recursion_desired": boolean,
  "recursion_available": boolean,
  "response_code": integer,
  "questions": [
    {
      object (Question)
    }
  ],
  "answers": [
    {
      object (ResourceRecord)
    }
  ],
  "authority": [
    {
      object (ResourceRecord)
    }
  ],
  "additional": [
    {
      object (ResourceRecord)
    }
  ]
}
Fields
id

integer (uint32 format)

response

boolean

opcode

integer (uint32 format)

authoritative

boolean

truncated

boolean

recursion_desired

boolean

recursion_available

boolean

response_code

integer (uint32 format)

questions[]

object (Question)

answers[]

object (ResourceRecord)

authority[]

object (ResourceRecord)

additional[]

object (ResourceRecord)

Question

JSON representation
{
  "name": string,
  "type": integer,
  "class": integer,
  "prevalence": {
    object (Prevalence)
  }
}
Fields
name

string

type

integer (uint32 format)

class

integer (uint32 format)

prevalence

object (Prevalence)

ResourceRecord

JSON representation
{
  "name": string,
  "type": integer,
  "class": integer,
  "ttl": integer,
  "data": string,
  "binary_data": string
}
Fields
name

string

type

integer (uint32 format)

class

integer (uint32 format)

ttl

integer (uint32 format)

data

string

binary_data

string (bytes format)

A base64-encoded string.

Dhcp

JSON representation
{
  "opcode": enum (OpCode),
  "htype": integer,
  "hlen": integer,
  "hops": integer,
  "transaction_id": integer,
  "seconds": integer,
  "flags": integer,
  "ciaddr": string,
  "yiaddr": string,
  "siaddr": string,
  "giaddr": string,
  "chaddr": string,
  "sname": string,
  "file": string,
  "options": [
    {
      object (Option)
    }
  ],
  "type": enum (MessageType),
  "lease_time_seconds": integer,
  "client_hostname": string,
  "client_identifier": string,
  "requested_address": string
}
Fields
opcode

enum (OpCode)

htype

integer (uint32 format)

hlen

integer (uint32 format)

hops

integer (uint32 format)

transaction_id

integer (uint32 format)

seconds

integer (uint32 format)

flags

integer (uint32 format)

ciaddr

string

yiaddr

string

siaddr

string

giaddr

string

chaddr

string

sname

string

file

string

options[]

object (Option)

type

enum (MessageType)

lease_time_seconds

integer (uint32 format)

client_hostname

string

client_identifier

string (bytes format)

A base64-encoded string.

requested_address

string

OpCode

Enums
UNKNOWN_OPCODE
BOOTREQUEST
BOOTREPLY

Option

JSON representation
{
  "code": integer,
  "data": string
}
Fields
code

integer (uint32 format)

data

string (bytes format)

A base64-encoded string.

MessageType

Enums
UNKNOWN_MESSAGE_TYPE
DISCOVER
OFFER
REQUEST
DECLINE
ACK
NAK
RELEASE
INFORM
WIN_DELETED
WIN_EXPIRED

Http

JSON representation
{
  "method": string,
  "referral_url": string,
  "user_agent": string,
  "response_code": integer,
  "parsed_user_agent": {
  }
}
Fields
method

string

referral_url

string

user_agent

string

response_code

integer

parsed_user_agent

object

Client

JSON representation
{
  "certificate": {
    object (Certificate)
  },
  "ja3": string,
  "server_name": string,
  "supported_ciphers": [
    string
  ]
}
Fields
certificate

object (Certificate)

ja3

string

server_name

string

supported_ciphers[]

string

Certificate

JSON representation
{
  "version": string,
  "serial": string,
  "subject": string,
  "issuer": string,
  "md5": string,
  "sha1": string,
  "sha256": string,
  "not_before": string,
  "not_after": string
}
Fields
version

string

serial

string

subject

string

issuer

string

md5

string

sha1

string

sha256

string

not_before

string (Timestamp format)

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

not_after

string (Timestamp format)

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

Server

JSON representation
{
  "certificate": {
    object (Certificate)
  },
  "ja3s": string
}
Fields
certificate

object (Certificate)

ja3s

string

Smtp

JSON representation
{
  "helo": string,
  "mail_from": string,
  "rcpt_to": [
    string
  ],
  "server_response": [
    string
  ],
  "message_path": string,
  "is_webmail": boolean,
  "is_tls": boolean
}
Fields
helo

string

mail_from

string

rcpt_to[]

string

server_response[]

string

message_path

string

is_webmail

boolean

is_tls

boolean