Source fields describe details about the source of a packet/event.
Source fields are usually populated in conjunction with destination fields.
Some event source addresses are defined ambiguously. The event will sometimes list an IP, a domain or a unix socket. You should always store the raw address in the
Then it should be duplicated to
Bytes sent from the source to the destination.
IP address of the source.
Can be one or multiple IPv4 or IPv6 addresses.
MAC address of the source.
Packets sent from the source to the destination.
Port of the source.