The following list shows search fields that you can use to locate XDR-enhanced netconn events. See the in-product Search Guide for a full list, descriptions, and examples of all search fields.
netconn_actions |
netconn_application_protocol |
netconn_bytes_received |
netconn_bytes_sent |
netconn_community_id |
netconn_domain |
netconn_first_packet_timestamp |
netconn_ja3_local_fingerprint |
netconn_ja3_local_fingerprint_fields |
netconn_ja3_remote_fingerprint |
netconn_ja3_remote_fingerprint_fields |
netconn_last_packet_timestamp |
netconn_remote_device_id |
netconn_remote_device_name |
netconn_request_headers |
netconn_request_method |
netconn_request_uri |
netconn_response_headers |
netconn_response_status_code |
netconn_server_name_indication |
netconn_tls_certificate_issuer_name |
netconn_tls_certificate_subject_name |
netconn_tls_certificate_not_valid_after |
netconn_tls_certificate_not_valid_before |
netconn_tls_version |
