STIX 2.x documentation is available here. This site contains archived STIX 1.x documentation. STIX is now maintained by the OASIS CTI TC.

NetworkLayerInfoTypeNetwork Flow Object Schema

Network layer information (relative to the OSI network model) which is typically captured in all types of network flow records.

Fields

Field Name	Type	Description
Src_Socket_Address0..1	SocketAddressObjectType	Represents the source IP socket address, consisting of an IP address and port number, for the network flow expressed. Note that not all flow protocols support IPv6 addresses.
Dest_Socket_Address0..1	SocketAddressObjectType	Represents the destination IP socket address, consisting of an IP address and port number, for the network flow expressed. Note that not all flow protocols support IPv6 addresses.
IP_Protocol0..1	IANAAssignedIPNumbersType	The IP Protocol of the network flow. This is usually TCP, UDP, or SCTP, but can include others as represented in NetFlow as an integer from 0 to 255. Please refer to http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml for reference.