Impacted Hostname
The host that was affected by the activity (for example, target or server).
Data Type
String
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Host (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Host (Impacted) |
Elasticsearch Field Name | impactedName |
Rule Builder Column Name | DName |
Regex Pattern | <dname> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
Networked equipment
Use Case
Host context
MPE/Data Masking Manipulations
Polyfield – Impacted Host
Usage Standards
- Impacted is Server (In Client-Server Model).
- Impacted is Target (In Attacker-Target Model).
- Can be used for parsing fully qualified domain names for non-world wide web context hostnames.
Examples
- Windows Event Log
<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='NETLOGON'/><EventID Qualifiers='0'>5805</EventID><Level></Level><Task>None</Task><Keywords></Keywords><TimeCreated SystemTime='2014-02-06T06:03:06.000000000Z'/><EventRecordID>156578</EventRecordID><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>The session setup from the computer USABLDRRECFLOW02failed to authenticate. The following error occurred:
Access is denied.</EventData></Event>
<Computer> is the origin of the log message here, but also the domain controller which the origin is trying to authenticate against and is therefore impacted. Client-Server (origin-impacted) relationship applies here. Computer client trying to authenticate is the origin of the request to the server.