Destination

Top Level Fieldset: True

Destination fields capture information about the receiver of an event.

Destination Fields

destination.address

Required Field: False
Type: STRING
Example: 8.8.8.8
Detection Supported Field: True

The raw address of the destination according to the source. This value should be duplicated to destination.ip or destination.domain, depending on which one applies.


destination.domain

Required Field: False
Type: STRING
Example: example.com
Detection Supported Field: True

The domain name of the destination. This value can be a host name or FQDN.


destination.indicators

Required Field: False
Type: ARRAY
Example: ['malicious']
Detection Supported Field: True

Threat indicators identified through enrichment, specific to a destination.


destination.ip

Required Field: False
Type: STRING
Example: 8.8.8.8
Detection Supported Field: True

IP address of the destination (IPv4 or IPv6).


destination.mac

Required Field: False
Type: STRING
Example: 00-00-5E-00-53-23
Detection Supported Field: True

MAC address of the destination.


destination.port

Required Field: False
Type: INTEGER
Example: 53
Detection Supported Field: True

Port of the destination.
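
Added example (not part of the schema's own code): one way a log normalizer could apply the rule for destination.address, keeping the raw value and duplicating it to destination.ip or destination.domain. The function names, the handling of a "host:port" suffix, and the hostname label check are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: hostname labels follow the usual letters/digits/hyphen rule.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

def _split_host_port(raw):
    """Split '[v6]:port' or 'host:port'; a bare IPv6 address is left intact."""
    raw = raw.strip()
    if raw.startswith("[") and "]" in raw:
        host, _, rest = raw[1:].partition("]")
        return host, rest[1:] if rest.startswith(":") else None
    if raw.count(":") == 1:
        host, _, port = raw.partition(":")
        return host, port
    return raw, None

def normalize_destination(raw_address):
    """Return destination.* fields derived from one raw address string."""
    fields = {"destination.address": raw_address}  # raw value kept as reported
    host, port = _split_host_port(raw_address)
    try:
        # IPv4 or IPv6 literal: duplicate into destination.ip (canonical text form)
        fields["destination.ip"] = str(ipaddress.ip_address(host))
    except ValueError:
        name = host.rstrip(".").lower()
        labels = name.split(".")
        if name and len(name) <= 253 and all(_LABEL.match(l) for l in labels):
            fields["destination.domain"] = name  # host name or FQDN
        # Otherwise neither applies and only destination.address is set.
    if port is not None and port.isdecimal() and 0 < int(port) <= 65535:
        fields["destination.port"] = int(port)  # schema type is INTEGER
    return fields

# Constructed sample inputs, not taken from real logs.
SAMPLES = ["8.8.8.8", "example.com", "[2001:db8::1]:53",
           "Example.COM.:53", "not a host!"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(normalize_destination(sample))
```

Values that are neither a valid IP literal nor a well-formed host name stay in destination.address only, so detections matching on destination.ip or destination.domain never see unvalidated strings.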