Impacted Hostname or IP

The host that was affected by the activity (for example, target or server).

Data Type

  • String

  • IP

Aliases

| Use | Alias |
|---|---|
| Client Console Full Name | Host (Impacted) |
| Client Console Short Name | Not applicable |
| Web Console Tab/Name | Host (Impacted) |
| Elasticsearch Field Name | impactedName, impactedIp |
| Rule Builder Column Name | Not applicable |
| Regex Pattern | (<dipn>) |
| NetMon Name | Not applicable |

Field Relationships

  • SIP
  • SIPv4
  • SIPv6
  • SIPv6E
  • Origin Hostname
  • Origin Hostname or IP
  • Origin NAT IP
  • DIP
  • DIPv4
  • DIPv6
  • DIPv6E
  • Impacted Hostname
  • Impacted NAT IP
  • Origin Port
  • Origin NAT Port
  • Impacted Port
  • Impacted NAT Port
  • Origin MAC Address
  • Impacted MAC Address
  • Origin Interface
  • Impacted Interface
  • Origin Domain
  • Impacted Domain
  • Origin Login
  • Impacted Account
  • IANA Protocol Number
  • IANA Protocol Name

Common Applications

Not applicable

Use Case

See DIP/DestinationIP/Impacted IP and Impacted Hostname.

MPE/Data Masking Manipulations

See DIP/DestinationIP/Impacted IP and Impacted Hostname.

Usage Standards

  • Use when a log can contain either an IP or a hostname in the same location.

  • Must be wrapped in parentheses to function: (<dipn>).

  • Do not overload/override.

Examples

  • Aruba Clear Pass

    10 22 2015 16:23:22 1.1.1.1 <LOC1:INFO> 2015-10-22 16:23:22,956 [Th 12047 Req 8677508 SessId R0014aec9-06-5628c022] INFO  RadiusServer.Radius - rlm_ldap: found user host/ USABLDRRECFLOW01com in AD:dc-del4-1.synapse.com

    10 22 2015 13:58:51 1.1.1.1 <LOC1:INFO> 2015-10-22 13:58:51,299 [Th 7649 Req 1708827 SessId R00060774-01-5628c16b] INFO  RadiusServer.Radius - rlm_ldap: searching for user 000000000 in AD:1.1.1.1

The server being queried (the impacted host) can be represented in the log by either an IP address or a hostname.

  • Cisco Router

    03 02 2009 11:26:27 ATC-CW2K <LOC0:CRIT> Mar  2 11:26:54 USABLDRRECFLOW01ITMGSC: %local0-2-EVENT: 09$Partition=0]PartitionName=&)MODE=3;Alert ID=00061D0}Event ID=001KMPZ|Status=Active^Severity=Critical^Managed Object=1.1.1.1^Managed Object Type=Wireless^CUSTID=Security_Group^CUSTREV=*^Description=HighQueueDropRate::Component=IF-1.1.1.1/1 [Do0];Type=IEEE80211;OutputPacketNoErrorRate=0.11666667  PPS;DuplexMode=FULLDUPLEX;InputPacketQueueDropRate=0.0125  PPS;InputPacketQueueDropPct=48.07692  %;MaxSpeed=54000000;OutputPacketQueueDropPct=0.0

    03 02 2009 11:24:57 ATC-CW2K <LOC0:CRIT> Mar  2 11:25:24 USABLDRRECFLOW01 ITMGSC: %local0-2-EVENT: 09$Partition=0]PartitionName=&)MODE=3;Alert ID=0002O5E}Event ID=001KMPT|Status=Active^Severity=Critical^Managed Object=Host2^Managed Object Type=Routers^CUSTID=Security_Group^CUSTREV=*^Description=Unresponsive::Component=1.1.1.1 [Host2];IPStatus=OK;InterfaceName=IF-Host2/19 [Gi0/0.80] [1.1.1.1] [WAAS INTERFACE];InterfaceType=L2VLAN;InterfaceOperStatus=UP;NetworkNumber=1.1.1.1;Inter

In the two logs above, Managed Object= can contain either a hostname or an IP address. In both cases, the host or IP is impacted because it is the object being managed, not the manager.
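The following Python example is added here and is not LogRhythm code. It shows how a value captured at the position where (<dipn>) sits can be routed to impactedIp or impactedName depending on whether it parses as an IP address. The two regexes and the functions classify and parse are hypothetical stand-ins for a parsing rule, and the routing logic is an assumption based on the field's two data types, not documented product behavior.

```python
import ipaddress
import re

# Hypothetical stand-ins for a rule's (<dipn>) capture: the group takes the
# token at the position where the log may hold either an IP or a hostname.
RULES = [
    re.compile(r"rlm_ldap: .* in AD:(?P<dipn>\S+)"),
    re.compile(r"Managed Object=(?P<dipn>[^\^\s]+)"),
]
# RFC 1123 label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify(value):
    """Map one captured value to impactedIp or impactedName (the page's field names)."""
    token = value.strip().strip("[]")  # tolerate bracketed IPv6 literals
    try:
        return {"impactedIp": str(ipaddress.ip_address(token))}
    except ValueError:
        pass
    labels = token.rstrip(".").split(".")
    # An all-numeric last label (e.g. 999.1.1.1) is a malformed IP, not a name.
    if (len(token) <= 253 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(lab) for lab in labels)):
        return {"impactedName": token.rstrip(".")}
    return {}  # neither: leave both fields empty rather than guess


def parse(log_line):
    """Apply the first matching rule and classify what it captured."""
    for rule in RULES:
        m = rule.search(log_line)
        if m:
            return classify(m.group("dipn"))
    return {}


# Shortened excerpts of the sample logs shown on this page.
SAMPLES = [
    "INFO  RadiusServer.Radius - rlm_ldap: found user host/ USABLDRRECFLOW01com in AD:dc-del4-1.synapse.com",
    "INFO  RadiusServer.Radius - rlm_ldap: searching for user 000000000 in AD:1.1.1.1",
    "Status=Active^Severity=Critical^Managed Object=1.1.1.1^Managed Object Type=Wireless",
    "Status=Active^Severity=Critical^Managed Object=Host2^Managed Object Type=Routers",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse(line))
```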