Session
Object
Applicable Profiles: Date/Time
The Session object describes details about an authenticated session. e.g. Session Creation Time, Session Issuer. Defined by D3FEND d3f:Session.
| Name | Caption | Requirement | Type | Description |
|---|---|---|---|---|
| count | Count | Optional | Integer | The number of identical sessions spawned from the same source IP, destination IP, application, and content/threat type seen over a period of time. |
| created_time | Created Time | Recommended | Timestamp | The time when the session was created. |
| created_time_dt | Created Time | Optional | Datetime | The time when the session was created. |
| credential_uid | User Credential ID O | Optional | String | The unique identifier of the user's credential. For example, AWS Access Key ID. |
| expiration_reason | Expiration Reason | Optional | String | The reason which triggered the session expiration. |
| expiration_time | Expiration Time | Optional | Timestamp | The session expiration time. |
| expiration_time_dt | Expiration Time | Optional | Datetime | The session expiration time. |
| is_mfa | Multi Factor Authentication | Optional | Boolean | Indicates whether Multi Factor Authentication was used during authentication. |
| is_remote | Remote | Recommended | Boolean | The indication of whether the session is remote. |
| is_vpn | VPN Session | Optional | Boolean | The indication of whether the session is a VPN session. |
| issuer | Issuer Details | Recommended | String | The identifier of the session issuer. |
| terminal | Terminal | Optional | String | The Pseudo Terminal associated with the session. Ex: the tty or pts value. |
| uid | Unique ID | Recommended | String | The unique identifier of the session. |
| uid_alt | Alternate ID | Optional | String | The alternate unique identifier of the session. e.g. AWS ARN - arn:aws:sts::123344444444:assumed-role/Admin/example-session. |
| uuid | UUID | Optional | UUID | The universally unique identifier of the session. |
- Authentication Class
- Attribute: session
- Authorize Session Class
- Attribute: session
- Tunnel Activity Class
- Attribute: session
- User Session Query Class
- Attribute: session
- Actor Object
- Attribute: session
- Network Connection Information Object
- Attribute: session
- Process Object
- Attribute: session