Supported Data Types
The engine supports six types of telemetry, as described by the table below.
| Data Type | Remarks |
|---|---|
| IP | Egress IPv4 and IPv6 connections to Internet destinations |
| DNS | Egress DNS query events for valid Internet domains |
| HTTP | Egress HTTP requests to Internet destinations |
| TLS | TLS sessions, including JA3 fingerprints and X.509 certificate information |
| DHCP | DHCP telemetry is used to correlate alerts to hostnames and identities |
| VPN | VPN telemetry is used to correlate alerts to hostnames and identities |
Note: AE expects egress network events (i.e. traffic originating within your environment flowing outbound to the Internet, known as north-south telemetry) versus ingress events, as our use cases are tuned to identify compromised systems communicating outward to odd destinations.