The Windows or DNS domain name from which the activity reported in the log originates.
This field is not available in LogRhythm versions earlier than 7.4.0.
Data Type
String
Aliases
|
Use |
Alias |
|---|---|
|
Client Console Full Name |
Domain (Origin) |
|
Client Console Short Name |
Not applicable |
|
Web Console Tab/Name |
Domain (Origin) |
|
Elasticsearch Field Name |
domain |
|
Rule Builder Column Name |
Domain |
|
Regex Pattern |
<domainorigin> |
|
NetMon Name |
Not applicable |
Field Relationships
- SIP
- SIPv4
- SIPv6
- SIPv6E
- Origin Hostname
- Origin Hostname or IP
- Origin NAT IP
- DIP
- DIPv4
- DIPv6
- DIPv6E
- Impacted Hostname
- Impacted Hostname or IP
- Impacted NAT IP
- Origin Port
- Origin NAT Port
- Impacted Port
- Impacted NAT Port
- Origin MAC Address
- Impacted MAC Address
- Origin Interface
- Impacted Interface
- Origin Domain
- Origin Login
- Impacted Account
- IANA Protocol Number
- IANA Protocol Name
Common Applications
-
WebProxy
-
Network monitoring
-
Active Directory
-
SSO
Use Case
Correlating user activity across domains.
MPE/Data Masking Manipulations
Not applicable.