
Origin Hostname or IP

The hostname or IP from which activity originated (for example, attacker or client).

Data Type

  • String
  • IP

Aliases

UseAlias

Client Console Full Name

Host (Origin)

Client Console Short Name

Not applicable

Web Console Tab/Name

Host (Origin)

Elasticsearch Field Name

originName, originIp

Rule Builder Column Name

SIP, SName

Regex Pattern

(<sipn>)

NetMon Name

Not applicable

Field Relationships

  • SIP
  • SIPv4
  • SIPv6
  • SIPv6E
  • Origin Hostname
  • Origin NAT IP
  • DIP
  • DIPv4
  • DIPv6
  • DIPv6E
  • Impacted Hostname
  • Impacted Hostname or IP
  • Impacted NAT IP
  • Origin Port
  • Origin NAT Port
  • Impacted Port
  • Impacted NAT Port
  • Origin MAC Address
  • Impacted MAC Address
  • Origin Interface
  • Impacted Interface
  • Origin Domain
  • Impacted Domain
  • Origin Login
  • Impacted Account
  • IANA Protocol Number
  • IANA Protocol Name

Common Applications

See IP Address (Origin) and Origin Hostname.

Use Case

See IP Address (Origin) and Origin Hostname.

MPE/Data Masking Manipulations

See IP Address (Origin) and Origin Hostname.

Usage Standards

  • Use when a log can contain either an IP or a hostname in the same location.
  • Must be wrapped in parentheses to function: (<sipn>).
  • Do not overload or override.

Examples

  • Windows Event Log
    • <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Time-Service' Guid='{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}'/><EventID>37</EventID><Version>0</Version><Level>Information</Level><Task>None</Task><Opcode>Info</Opcode><Keywords></Keywords><TimeCreated SystemTime='2016-08-02T19:21:10.521541000Z'/><EventRecordID>5823536</EventRecordID><Correlation/><Execution ProcessID='968' ThreadID='6580'/><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security UserID='NT AUTHORITY\LOCAL SERVICE'/></System><EventData Name='TMP_EVENT_TIME_SOURCE_REACHABLE'><Data Name='TimeSource'> USABLDRRECFLOW01 (ntp.d|1.1.1.1:123->1.1.1.1:123)</Data></EventData></Event>
    • <Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Time-Service' Guid='{06edcfeb-0fd0-4e53-acca-a6f8bbf81bcb}'/><EventID>37</EventID><Version>0</Version><Level>Information</Level><Task>None</Task><Opcode>Info</Opcode><Keywords></Keywords><TimeCreated SystemTime='2016-09-10T02:47:47.934071900Z'/><EventRecordID>534913</EventRecordID><Correlation/><Execution ProcessID='1008' ThreadID='7908'/><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security UserID='NT AUTHORITY\LOCAL SERVICE'/></System><EventData Name='TMP_EVENT_TIME_SOURCE_REACHABLE'><Data Name='TimeSource'>1.1.1.1,0x8 (ntp.m|0x8|1.1.1.1:123->1.1.1.1:123)</Data></EventData></Event>

TimeSource can either be an IP or a hostname in these examples.
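The either/or routing this field describes, sketched in Python as an added example (not LogRhythm's MPE implementation): one token is captured at the TimeSource position and lands in originIp if it parses as an IP address, otherwise in originName. The `TIMESOURCE` sub-pattern, the `HOSTNAME` check and the `split_origin` helper are assumptions made for illustration, and the sample lines are trimmed from the two events above.

```python
import ipaddress
import re

# Trimmed copies of the two TimeSource elements from the examples above.
SAMPLES = [
    "<Data Name='TimeSource'> USABLDRRECFLOW01 (ntp.d|1.1.1.1:123->1.1.1.1:123)</Data>",
    "<Data Name='TimeSource'>1.1.1.1,0x8 (ntp.m|0x8|1.1.1.1:123->1.1.1.1:123)</Data>",
]

# Hypothetical stand-in for (<sipn>): a single token at the origin position,
# ending at whitespace, a comma (the ",0x8" flags), a parenthesis or a tag.
TIMESOURCE = re.compile(r"<Data Name='TimeSource'>\s*(?P<sipn>[^\s,(<]+)")

# Conservative hostname shape: dot-separated labels of letters, digits, hyphens.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def split_origin(log_line):
    """Return the originIp/originName pair for one log line.

    Exactly one of the two is populated when the token is usable;
    both stay None when nothing matches or the token is malformed.
    """
    fields = {"originIp": None, "originName": None}
    match = TIMESOURCE.search(log_line)
    if not match:
        return fields
    token = match.group("sipn")
    try:
        # Accepts IPv4 and IPv6 and normalises the textual form.
        fields["originIp"] = str(ipaddress.ip_address(token))
        return fields
    except ValueError:
        pass
    # Digits and dots only is a malformed IPv4 (e.g. 999.1.1.1), not a
    # hostname; dropping it keeps bad addresses out of originName.
    if re.fullmatch(r"[\d.]+", token):
        return fields
    if len(token) <= 253 and HOSTNAME.fullmatch(token):
        fields["originName"] = token
    return fields


if __name__ == "__main__":
    for line in SAMPLES:
        print(split_origin(line))
```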
