Recipient

The recipient of an email or called to number for a VoIP log.

Data Type

String

Aliases

Field Relationships

• Sender

• Subject

• Session

• Session Type

Common Applications

• Email logs

• VoIP logs

• Instant messaging services

Use Case

Tracking malware infection vector.

MPE/Data Masking Manipulations

Mapped to Recipient Identity.

Usage Standards

• Recipient shall not be used for identifying the direction of network traffic or network zones.

• Only used for destination email, destination caller, chat, instant messaging, or other communication mediums, such asAOL Instant MessengerIRCLyncSkypeGoogle HangoutsFax

Examples

• ColdFusion Mailsent Log

"Information","scheduler-2","12/28/11","09:14:33",,"Mail: 'Web site submission from Pete Store' From:'NoReply@recordflow.biz' To:'mdaveman@recordlow.com' was successfully sent using smtp.recordflow.biz"

• Cisco Telepresence Video Communications Server

04 26 2016 16:40:14 1.1.1.1 <USER:NOTE> 2016-04-26T16:40:14-04:00 radvcsx tvcs: Event="Call Attempted" Service="SIP" Src-ip="1.1.1.1" Src-port="1196" Src-alias-type="SIP" Src-alias="sip:pete.store@Host5" Dst-alias-type="SIP" Dst-alias="sip:dpackl@Host5" Call-serial-number="d415c222-fd22-47fd-8d0a-222b1a351460" Tag="02e3b418-f67b-408b-22b2-adafea222e32" Protocol="TLS" Auth="NO" Level="1" UTCTime="2016-04-26 20:40:14,467"

• Cisco Unified Comm Mgr (Call Mgr)

05 22 2012 15:05:49 1.1.1.1 <LOC7:WARN> 750: May 22 2012 20:05:49.41 UTC :  %UC_CALLMANAGER-4-MaliciousCall: %[Called Party Number=2755][Called Device Name= USABLDRRECFLOW01][Called Display Name=Jason Riggins][Calling Party Number=2378][Calling Device Name= USABLDRRECFLOW01][Calling Display Name=Dave Store Test][App ID=Cisco CallManager][Cluster ID=StandAloneCluster][Node ID=KaM-CCM2-SubT]: A malicious call has been identified