Impacted Hostname | LogRhythm Documentation

The host that was affected by the activity (for example, target or server).

Data Type

String

Aliases

Use	Alias
Client Console Full Name	Host (Impacted)
Client Console Short Name	Not applicable
Web Console Tab/Name	Host (Impacted)
Elasticsearch Field Name	impactedName
Rule Builder Column Name	DName
Regex Pattern	<dname>
NetMon Name	Not applicable

Field Relationships

SIP
SIPv4
SIPv6
SIPv6E
Origin Hostname
Origin Hostname or IP
Origin NAT IP
DIP
DIPv4
DIPv6
DIPv6E
Impacted Hostname or IP
Impacted NAT IP
Origin Port

Origin NAT Port
Impacted Port
Impacted NAT Port
Origin MAC Address
Impacted MAC Address
Origin Interface
Impacted Interface
Origin Domain
Impacted Domain
Origin Login
Impacted Account
IANA Protocol Number
IANA Protocol Name

Common Applications

Networked equipment

Use Case

Host context

MPE/Data Masking Manipulations

Polyfield – Impacted Host

Usage Standards

Impacted is Server (In Client-Server Model).
Impacted is Target (In Attacker-Target Model).
Can be used for parsing fully qualified domain names for non-world wide web context hostnames.

Examples

Windows Event Log

<Event xmlns='http://Host2/win/2004/08/events/event'><System><Provider Name='NETLOGON'/><EventID Qualifiers='0'>5805</EventID><Level></Level><Task>None</Task><Keywords></Keywords><TimeCreated SystemTime='2014-02-06T06:03:06.000000000Z'/><EventRecordID>156578</EventRecordID><Channel>System</Channel><Computer> USABLDRRECFLOW01</Computer><Security/></System><EventData>The session setup from the computer USABLDRRECFLOW02failed to authenticate. The following error occurred:

Access is denied.</EventData></Event>

<Computer> is the origin of the log message here, but also the domain controller which the origin is trying to authenticate against and is therefore impacted. Client-Server (origin-impacted) relationship applies here. Computer client trying to authenticate is the origin of the request to the server.