Origin Hostname
The hostname from which activity originated (for example, attacker or client).
Data Type
String
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Host (Origin) |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Host (Origin) |
Elasticsearch Field Name | originHostName |
Rule Builder Column Name | SName |
Regex Pattern | <sname> |
NetMon Name | Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Impacted Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
Networked equipment.
Use Case
Host context
MPE/Data Masking Manipulations
Polyfield – Origin Host
Usage Standards
- Origin is Client (In Client-Server Model).
- Origin is Attacker (In Attacker-Target Model).
- Can be used for parsing fully qualified domain names for non-world wide web context hostnames.
Examples
- Windows Event Log
<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='NETLOGON'/><EventID Qualifiers='0'>5805</EventID><Level></Level><Task>None</Task><Keywords></Keywords><TimeCreated SystemTime='2014-02-06T06:03:06.000000000Z'/><EventRecordID>156578</EventRecordID><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>The session setup from the computer USABLDRRECFLOW02 failed to authenticate. The following error occurred:
Access is denied.</EventData></Event>
Origin Host is the system trying to authenticate. <Computer> is the origin of the log message here, but also the domain controller which the origin is trying to authenticate against. Client-Server (origin-impacted) relationship applies here.