The NetworkConnectionObjectType is intended as a way of characterizing local or remote (i.e. Internet) network connections.
The object_reference field specifies a unique ID reference to an Object defined elsewhere. This construct allows for the re-use of the defined Properties of one Object within another, without the need to embed the full Object in the location from which it is being referenced. Thus, this ID reference is intended to resolve to the Properties of the Object that it points to.
The Custom_Properties construct is optional and enables the specification of a set of custom Object Properties that may not be defined in existing Properties schemas.
The tls_used field specifies whether or not Transport Layer Security (TLS) is used in the network connection.
The Creation_Time field specifies the date/time the network connection was created.
The Layer3_Protocol field specifies the particular network (layer 3 in the OSI model) layer protocol used in the connection.
The Layer4_Protocol field specifies the particular transport (layer 4 in the OSI model) layer protocol used in the connection.
The Layer7_Protocol field specifies the particular application (layer 7 in the OSI model) layer protocol used in the connection.
The Source_Socket_Address field specifies the source socket address, consisting of an IP Address and port number, used in the connection.
The Source_TCP_State field specifies the current state of the TCP network connection at the source, if applicable.
The Destination_Socket_Address field specifies the destination socket address, consisting of an IP Address and port number, used in the connection.
The Destination_TCP_State field specifies the current state of the TCP network connection at the destination, if applicable.
The Layer7_Connections field allows for the characterization of any application (layer 7 in the OSI model) layer connections observed as part of the network connection.