HTTP
HTTP events represents requests made over the network via the HTTP protocol.
Actions
|Action|Description| |—|—| |get|The event corresponding to an HTTP GET request.| |post|The event corresponding to an HTTP POST request.| |put|The event corresponding to an HTTP PUT request.| |tunnel|The event corresponding to an HTTP TUNNEL request.|
Fields
|Field|Description|Example|
|—|—|—|
hostname|hostname on which the request was seen.|HOST1
http_version|HTTP version that is specified in the header.|1.1
request_body_bytes|Integer value corresponding to the total number of bytes in the request.|180
request_body_content|Body of the HTTP request; usually specifies the exact content being requested.|
request_referrer|The URL from which the request was referred, if applicable.|http://cnn.com
requester_ip_address|IP address from which the request was made.|10.0.211.200
response_body_bytes|Integer value corresponding to the total number of bytes in the response.|2910
response_body_content|Content of the response (does not include header).|
response_status_code|HTTP protocol status code in response header|200
url_domain|Domain portion of the URL.|www.mitre.org
url_full|URL to which the HTTP request was sent|https://www.mitre.org/about/corporate-overview
url_remainder|the path after the root domain|/about/corporate-overview
url_scheme|type of user that initiated the request.|https
user_agent_device|Device type from which request was made, identified by user_agent substring|SM-G930VC (Samgsung Galaxy S7)
user_agent_full|User agent string associated with the request|HOST1\LOCALUSER1
user_agent_name|The user agent through which the request was made.|Mozilla/5.0 (Linux; Android 7.0; SM-G930VC Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/58.0.3029.83 Mobile Safari/537.36
user_agent_version|User Agent Version. Note that some User Agent strings may not label versions in the same way.|4.0
Coverage Map
| hostname | http_version | request_body_bytes | request_body_content | request_referrer | requester_ip_address | response_body_bytes | response_body_content | response_status_code | url_domain | url_full | url_remainder | url_scheme | user_agent_device | user_agent_full | user_agent_name | user_agent_version | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| get | |||||||||||||||||
| post | |||||||||||||||||
| put | |||||||||||||||||
| tunnel |