Supported Data Types
The engine supports six types of telemetry, described in the table below.
| Data Type | Remarks |
|---|---|
| IP | Egress IPv4 and IPv6 connections to Internet destinations |
| DNS | Egress DNS query events for valid Internet domains |
| HTTP | Egress HTTP requests to Internet destinations |
| TLS | TLS sessions, including JA3 fingerprints and X.509 certificate information |
| DHCP | DHCP telemetry is used to correlate alerts to hostnames and identities |
| VPN | VPN telemetry is used to correlate alerts to hostnames and identities |
Note: AE expects egress network events (i.e., traffic originating within your environment and flowing outbound to the Internet, known as north-south telemetry) rather than ingress events, because our use cases are tuned to identify compromised systems communicating outward to odd destinations.