Supported Data Types

The engine supports six types of telemetry, as described by the table below.

| Data Type | Remarks |
|-----------|---------|
| IP | Egress IPv4 and IPv6 connections to Internet destinations |
| DNS | Egress DNS query events for valid Internet domains |
| HTTP | Egress HTTP requests to Internet destinations |
| TLS | TLS sessions, including JA3 fingerprints and X.509 certificate information |
| DHCP | DHCP telemetry is used to correlate alerts to hostnames and identities |

Note: AE expects egress network events (i.e., traffic originating within your environment and flowing outbound to the Internet, known as north-south telemetry) rather than ingress events, because our use cases are tuned to identify compromised systems communicating outward to unusual destinations.
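
One way to pre-filter telemetry down to the egress events described above before forwarding it, shown as an added example that is not part of the product or its documentation. The event field names (`type`, `src_ip`, `dst_ip`, `query`), the internal address ranges and the local-only suffix list are assumptions for illustration.

```python
import ipaddress
import re

# Assumption: this environment's internal address space (constructed values).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fd00::/8")]
# Assumption: suffixes treated as local-only names, not Internet domains.
LOCAL_SUFFIXES = {"local", "localdomain", "internal", "lan"}
_LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def _parse(addr):
    try:
        return ipaddress.ip_address(addr)
    except (ValueError, TypeError):
        return None  # malformed or missing address

def is_internal(ip):
    return ip is not None and any(
        ip.version == n.version and ip in n for n in INTERNAL_NETS)

def is_egress(src, dst):
    s, d = _parse(src), _parse(dst)
    return is_internal(s) and d is not None and d.is_global and not is_internal(d)

def is_internet_domain(name):
    if not isinstance(name, str):
        return False
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2 or labels[-1] in LOCAL_SUFFIXES:
        return False  # single-label or local-only name
    return all(_LABEL.match(label) for label in labels)

def keep_event(ev):
    kind = ev.get("type")
    if kind == "dhcp":  # internal by nature; kept for hostname/identity correlation
        return True
    if kind == "dns":   # the resolver may be internal, so judge the queried name
        return is_internal(_parse(ev.get("src_ip"))) and is_internet_domain(ev.get("query"))
    return is_egress(ev.get("src_ip"), ev.get("dst_ip"))

# Constructed sample events; field names are hypothetical.
SAMPLE = [
    {"type": "ip", "src_ip": "10.1.2.3", "dst_ip": "8.8.8.8"},
    {"type": "ip", "src_ip": "8.8.8.8", "dst_ip": "10.1.2.3"},
    {"type": "dns", "src_ip": "10.1.2.3", "dst_ip": "10.0.0.53", "query": "example.com"},
    {"type": "dns", "src_ip": "10.1.2.3", "dst_ip": "10.0.0.53", "query": "printer.local"},
    {"type": "tls", "src_ip": "fd00::10", "dst_ip": "2606:4700:4700::1111"},
    {"type": "dhcp", "src_ip": "10.1.2.3", "hostname": "laptop-01"},
]
```

Running `[keep_event(e) for e in SAMPLE]` keeps the outbound IP and TLS sessions, the Internet DNS query and the DHCP record, and drops the ingress connection and the `.local` lookup.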