Impacted Interface
The network port or interface which was affected by the activity (for example, target or server).
Data Type
String
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Interface (Impacted) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Interface (Impacted) |
Elasticsearch Field Name | impactedInterface |
Rule Builder Column Name | DInterface |
Regex Pattern | <dinterface> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
- Switches
- Firewalls
- Network equipment
Use Case
Troubleshooting connectivity.
MPE/Data Masking Manipulations
Not applicable.
Usage Standards
- Impacted is Server (In Client-Server Model).
- Impacted is Target (In Attacker-Target Model).
- If you have more than just a port number (for example, a switch ID), capture full interface name including switch ID.
- A Wireless Access Point can be an interface.
Examples
- Aerohive Access Point
05 28 2013 18:38:30 1.1.1.1 <LOC6:INFO> ah_auth: Notify driver to disassoc 2222:cccc:ffff from wifi1.3
Disassociation of client from access point where the AP is impacted server. The client-server (origin-impacted) relationship applies.
- FortiGate
02 25 2010 13:56:25 1.1.1.1 <LOC5:ALRT> date=2010-02-25 time=13:56:25 devname=FG3222222222 device_id=FG22222222222 log_id=0419016384 type=ips subtype=signature pri=alert fwver=040003 severity=critical carrier_ep="N/A" profile="scan" src=1.1.1.1 dst=1.1.1.1 src_int="port1" dst_int="port2" policyid=48 serial=1514122225 status=detected proto=6 service=2612/tcp vd="root" count=1 src_port=80 dst_port=2612 attack_id=107347979 sensor="all_default" ref="http://Host1/ids/VID107347979" user="N/A" group="N/A" incident_serialno=128862693 msg="http_decoder: HTTP.Request.Smuggling"
Firewall log showing a signature detection with interface destination (impacted). In this case, the destination (impacted) is represented as destination from the Firewall perspective.