DIPv6E | LogRhythm Documentation

The Impacted IPv4 IP address that was mapped to (for example, target or server).

Data Type

Aliases

Use	Alias
Client Console Full Name	Host (Impacted)
Client Console Short Name	Not applicable
Web Console Tab/Name	Host (Impacted)
Elasticsearch Field Name	impactedIpV6
Rule Builder Column Name	DIP
Regex Pattern	<dipv6e>
NetMon Name	Not applicable

Field Relationships

SIP
SIPv4
SIPv6
SIPv6E
Origin Hostname
Origin Hostname or IP
Origin NAT IP
DIP
DIPv4
DIPv6
Impacted Hostname
Impacted Hostname or IP
Impacted NAT IP
Origin Port

Origin NAT Port
Impacted Port
Impacted NAT Port
Origin MAC Address
Impacted MAC Address
Origin Interface
Impacted Interface
Origin Domain
Impacted Domain
Origin Login
Impacted Account
IANA Protocol Number
IANA Protocol Name

Common Applications

Networked equipment

Use Case

Host context

MPE/Data Masking Manipulations

Polyfield – Origin Host

Usage Standards

Do not override/overload, use <dipv6e> not (?<dipv6e>.*?).
Impacted is Server (In Client-Server Model).
Impacted is Target (In Attacker-Target Model).
Use when you see an Impacted IPv4 address mapped to IPv6.

Examples

Windows Event Log

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System><Provider Name='Microsoft-Windows-Iphlpsvc' Guid='{66a5c15c-4f8e-4044-bf6e-71d896038977}'/><EventID>4200</EventID><Version>0</Version><Level>Information</Level><Task>None</Task><Opcode>Info</Opcode><Keywords></Keywords><TimeCreated SystemTime='2016-08-02T19:20:14.492842100Z'/><EventRecordID>5823520</EventRecordID><Correlation/><Execution ProcessID='920' ThreadID='3936'/><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security UserID='NT AUTHORITY\SYSTEM'/></System><EventData><Data Name='ProtocolType'>1</Data><Data Name='Interface'>isatap.{f7eec065-6118-437c-8414-eeeeeeeeeeeee}</Data><Data Name='Address'>fe80::5efe:1.1.1.1</Data></EventData></Event>

Impacted Address is IPv4 address mapped to IPV6. Traditional IP parsers do not work with this type of address.