Sender
The sender of an email or the caller number for a VoIP log. Must relate to a specific user, or unique address in the case of a phone call or email.
Data Type
String
Aliases
| Use | Alias |
|---|---|
Client Console Full Name | Sender |
Client Console Short Name | Not applicable |
Web Console Tab/Name | Sender |
Elasticsearch Field Name | sender |
Rule Builder Column Name | Sender |
Regex Pattern | <sender> |
NetMon Name | Not applicable |
Field Relationships
- Recipient
- Subject
- Session
- Session Type
Common Applications
- Email logs
- VoIP logs
Use Case
- Identify spam traffic by looking at top senders of email.
- Track ransomware back to source/spread pattern.
MPE/Data Masking Manipulations
Mapped to Sender Identity.
Usage Standards
- Sender shall not be used for identifying the direction of network traffic or network zones.
- Only used for origin email, origin caller, chat, instant messaging, or other communication mediums, such as
- AOL Instant Messenger
- IRC
- Lync
- Skype
- Google Hangouts
- Fax
Examples
- ColdFusion Mailsent Log
"Information","scheduler-2","12/28/11","09:14:33",,"Mail: 'Web site submission from Donna Hirt' From:'NoReply@recordflow.biz' To:'mcoffman@sagepointadvisor.com' was successfully sent using mta23.colo.lan"
From email parsed appropriately.
- Cisco Telepresence Video Communications Server
04 26 2016 16:40:14 1.1.1.1 <USER:NOTE> 2016-04-26T16:40:14-04:00 radvcsx tvcs: Event="Call Attempted" Service="SIP" Src-ip="1.1.1.1" Src-port="1196" Src-alias-type="SIP" Src-alias="sip:pete_store@Host5" Dst-alias-type="SIP" Dst-alias="sip:dpack@Host5" Call-serial-number="d415c736-fd67-47fd-8d0a-892b1a351460" Tag="02e3b418-f67b-408b-92b2-adafea551e32" Protocol="TLS" Auth="NO" Level="1" UTCTime="2016-04-26 20:40:14,467"
Src-Alias in this case a VoIP call origin.
- Cisco Unified Comm Mgr (Call Mgr)
05 22 2012 15:05:49 1.1.1.1 <LOC7:WARN> 750: May 22 2012 20:05:49.41 UTC : %UC_CALLMANAGER-4-MaliciousCall: %[Called Party Number=2755][Called Device Name=SEP002414B3815B][Called Display Name=Jason Riggins][Calling Party Number=2378][Calling Device Name=recflow00001][Calling Display Name=recflow Test][App ID=Cisco CallManager][Cluster ID=StandAloneCluster][Node ID=rec-flow-001]: A malicious call has been identified
Another VoIP call origin.