Impacted Hostname or IP
The host that was affected by the activity (for example, target or server).
Data Type
- String
- IP
Aliases
Use | Alias |
---|---|
Client Console Full Name | Host (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Host (Impacted) |
Elasticsearch Field Name | impactedName, impactedIp |
Rule Builder Column Name | Not applicable |
Regex Pattern | (<dipn>) |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
Not applicable
Use Case
See DIP/DestinationIP/Impacted IP and Impacted Hostname.
MPE/Data Masking Manipulations
See DIP/DestinationIP/Impacted IP and Impacted Hostname.
Usage Standards
- Use when a log can contain either an IP or a hostname in the same location.
- Must be wrapped in parentheses to function: (<dipn>).
- Do not overload/override.
Examples
- Aruba ClearPass
10 22 2015 16:23:22 1.1.1.1 <LOC1:INFO> 2015-10-22 16:23:22,956 [Th 12047 Req 8677508 SessId R0014aec9-06-5628c022] INFO RadiusServer.Radius - rlm_ldap: found user host/ USABLDRRECFLOW01com in AD:dc-del4-1.synapse.com
10 22 2015 13:58:51 1.1.1.1 <LOC1:INFO> 2015-10-22 13:58:51,299 [Th 7649 Req 1708827 SessId R00060774-01-5628c16b] INFO RadiusServer.Radius - rlm_ldap: searching for user 000000000 in AD:1.1.1.1
The server being queried (impacted) in the log can be represented by an IP or a hostname.
- Cisco Router
03 02 2009 11:26:27 ATC-CW2K <LOC0:CRIT> Mar 2 11:26:54 USABLDRRECFLOW01ITMGSC: %local0-2-EVENT: 09$Partition=0]PartitionName=&)MODE=3;Alert ID=00061D0}Event ID=001KMPZ|Status=Active^Severity=Critical^Managed Object=1.1.1.1^Managed Object Type=Wireless^CUSTID=Security_Group^CUSTREV=*^Description=HighQueueDropRate::Component=IF-1.1.1.1/1 [Do0];Type=IEEE80211;OutputPacketNoErrorRate=0.11666667 PPS;DuplexMode=FULLDUPLEX;InputPacketQueueDropRate=0.0125 PPS;InputPacketQueueDropPct=48.07692 %;MaxSpeed=54000000;OutputPacketQueueDropPct=0.0
03 02 2009 11:24:57 ATC-CW2K <LOC0:CRIT> Mar 2 11:25:24 USABLDRRECFLOW01 ITMGSC: %local0-2-EVENT: 09$Partition=0]PartitionName=&)MODE=3;Alert ID=0002O5E}Event ID=001KMPT|Status=Active^Severity=Critical^Managed Object=Host2^Managed Object Type=Routers^CUSTID=Security_Group^CUSTREV=*^Description=Unresponsive::Component=1.1.1.1 [Host2];IPStatus=OK;InterfaceName=IF-Host2/19 [Gi0/0.80] [1.1.1.1] [WAAS INTERFACE];InterfaceType=L2VLAN;InterfaceOperStatus=UP;NetworkNumber=1.1.1.1;Inter
In the two logs above, Managed Object= can contain either a hostname or an IP address. In both cases, the host or IP is impacted because it is the object being managed, not the manager.
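The dual-type behavior described under Usage Standards, sketched as an added Python example (not the vendor's MPE implementation): one capture group stands in for `(<dipn>)`, and the captured token is routed to `impactedIp` or `impactedName`. The regex anchors, the `parse_impacted` helper, and the hostname validation are assumptions made for illustration.

```python
import ipaddress
import re

# Stand-in for the (<dipn>) tag (assumption): one capture group that accepts
# either an IP literal or a hostname in the same log position.
DIPN = r"(?P<dipn>[0-9A-Za-z:][0-9A-Za-z._:-]*)"

# Anchors modelled on the two log formats shown on this page.
PATTERNS = [
    re.compile(r"rlm_ldap: .*? in AD:" + DIPN),
    re.compile(r"\^Managed Object=" + DIPN + r"\^"),
]

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?"
    r"(?:\.[0-9A-Za-z](?:[0-9A-Za-z-]{0,61}[0-9A-Za-z])?)*$"
)

def parse_impacted(log_line):
    """Map the captured token to impactedIp or impactedName; {} if unusable."""
    for pattern in PATTERNS:
        match = pattern.search(log_line)
        if not match:
            continue
        token = match.group("dipn").rstrip(".")  # drop a sentence-ending dot
        try:
            return {"impactedIp": str(ipaddress.ip_address(token))}
        except ValueError:
            pass
        # Reject all-numeric tokens so a malformed IP is not stored as a name.
        if HOSTNAME.match(token) and not token.replace(".", "").isdigit():
            return {"impactedName": token}
        return {}  # e.g. host:port, which is neither a bare IP nor a hostname
    return {}

# Constructed sample lines, abridged from the examples on this page.
SAMPLES = [
    "INFO RadiusServer.Radius - rlm_ldap: found user host/ USABLDRRECFLOW01com in AD:dc-del4-1.synapse.com",
    "INFO RadiusServer.Radius - rlm_ldap: searching for user 000000000 in AD:1.1.1.1",
    "Status=Active^Severity=Critical^Managed Object=Host2^Managed Object Type=Routers",
    "Status=Active^Severity=Critical^Managed Object=1.1.1.1^Managed Object Type=Wireless",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_impacted(line))
```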