Heads up! These docs are for STIX 1.1.1, which is not the latest version (1.2). View the latest!

NetworkConnectionObjectTypeNetwork Connection Object Schema

The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.


Fields

Field Name Type Description
@object_referenceoptional QName

The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.

Custom_Properties0..1 CustomPropertiesType

The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.

@tls_usedoptional boolean

The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.

Creation_Time0..1 DateTimeObjectPropertyType

The Creation_Time field specifies the date/time the network connection was created.

Layer3_Protocol0..1 Layer3ProtocolType

The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.

Layer4_Protocol0..1 Layer4ProtocolType

The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.

Layer7_Protocol0..1 Layer7ProtocolType

The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.

Source_Socket_Address0..1 SocketAddressObjectType

The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.

Source_TCP_State0..1 TCPStateEnum

The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.

Destination_Socket_Address0..1 SocketAddressObjectType

The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.

Destination_TCP_State0..1 TCPStateEnum

The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.

Layer7_Connections0..1 Layer7ConnectionsType

The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.