NetworkEndpoint
Contains information about network endpoints involved in an Amazon GuardDuty Extended Threat Detection attack sequence. GuardDuty generates an attack sequence finding when multiple events align to a potentially suspicious activity. To receive GuardDuty attack sequence findings in AWS Security Hub, you must have GuardDuty enabled. For more information, see GuardDuty Extended Threat Detection in the Amazon GuardDuty User Guide.
This field can provide information about the network endpoints associated with the resource in the attack sequence finding, or about a specific network endpoint used for the attack.
Contents
- AutonomousSystem
  The Autonomous System Number (ASN) of the network endpoint.
  Type: NetworkAutonomousSystem object
  Required: No
- Connection
  Information about the network connection.
  Type: NetworkConnection object
  Required: No
- Domain
  The domain information for the network endpoint.
  Type: String
  Pattern: .*\S.*
  Required: No
- Id
  The identifier of the network endpoint involved in the attack sequence.
  Type: String
  Pattern: .*\S.*
  Required: No
- Ip
  The IP address used in the network endpoint.
  Type: String
  Pattern: .*\S.*
  Required: No
- Location
  Information about the location of the network endpoint.
  Type: NetworkGeoLocation object
  Required: No
- Port
  The port number associated with the network endpoint.
  Type: Integer
  Required: No
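The following is an added example, not part of the AWS reference: a Python check that a NetworkEndpoint object parsed from a finding conforms to the types and patterns listed above, useful before the fields are fed into enrichment or blocklist tooling. The function name, messages and sample values are assumptions made for illustration, and the pattern is applied as an unanchored search because the page does not state how it is anchored.

```python
import re

# Pattern the page lists for Domain, Id and Ip: at least one
# non-whitespace character. Unanchored search is an assumption.
NON_BLANK = re.compile(r".*\S.*")

STRING_FIELDS = ("Domain", "Id", "Ip")
OBJECT_FIELDS = ("AutonomousSystem", "Connection", "Location")
KNOWN_FIELDS = set(STRING_FIELDS) | set(OBJECT_FIELDS) | {"Port"}


def validate_network_endpoint(endpoint):
    """Return a list of problems; an empty list means the object conforms."""
    if not isinstance(endpoint, dict):
        return ["endpoint is not a JSON object"]
    problems = []
    # Keys outside the documented set usually mean schema drift or a
    # mis-parsed finding, so they are reported rather than ignored.
    for name in sorted(set(endpoint) - KNOWN_FIELDS):
        problems.append(f"{name}: not a NetworkEndpoint field")
    # Every field is "Required: No", so only fields that are present are checked.
    for name in STRING_FIELDS:
        if name in endpoint:
            value = endpoint[name]
            if not isinstance(value, str):
                problems.append(f"{name}: expected String")
            elif not NON_BLANK.search(value):
                problems.append(f"{name}: blank or whitespace-only")
    for name in OBJECT_FIELDS:
        if name in endpoint and not isinstance(endpoint[name], dict):
            problems.append(f"{name}: expected object")
    if "Port" in endpoint:
        port = endpoint["Port"]
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(port, bool) or not isinstance(port, int):
            problems.append("Port: expected Integer")
    return problems


# Constructed sample data, not taken from a real finding.
SAMPLE_OK = {"Id": "endpoint-1", "Ip": "198.51.100.7",
             "Domain": "example.com", "Port": 443, "Location": {}}
SAMPLE_BAD = {"Id": "   ", "Ip": 3325256711, "Port": "443",
              "Connection": "inbound", "Hostname": "x"}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(validate_network_endpoint(sample))
```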