outboundnetworkevents
KC7 Data Tables
Definition
`OutboundNetworkEvents` is a KC7 data table that shows traffic leaving a company’s systems and going out to external websites or services. Whenever an employee browses the internet, an application connects to a cloud service, or a system sends data outside the organization, that activity creates outbound network records. In real organizations, firewalls, proxies, endpoint tools, and network monitoring systems collect similar outbound traffic logs to help defenders detect suspicious activity, malware communications, and possible data exfiltration.

| Field | What it means in simple terms |
| -------------- | --------------------------------------------------------------------------------- |
| **timestamp** | The exact date and time the outbound request happened |
| **method** | The type of request being made, such as GET to retrieve data or POST to send data |
| **src_ip** | The internal IP address of the device making the outbound request |
| **user_agent** | Information about the browser, application, or script making the request |
| **url** | The external website, API, or resource the device is trying to access |

**What defenders learn from this table**

* Which internal devices are communicating with external systems
* Whether traffic looks like normal user activity or automated scripts
* If systems are connecting to suspicious or malicious websites
* Whether malware may be attempting outbound communications
* How frequently devices communicate with outside services

**Example query**

```kusto
OutboundNetworkEvents
| summarize count() by src_ip
| top 10 by count_
```

This helps identify which internal systems are generating the most outbound traffic. Analysts can use this to investigate unusual activity, compromised systems, or devices communicating excessively with external services.
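A follow-up triage query, added here as an example and not taken from KC7's own material: it uses all five fields to separate browser-like traffic from scripted clients and to surface hosts sending POST requests to a single external domain. The sample rows, the `SampleOutboundNetworkEvents` name, and the `ScriptedAgents` keyword list are constructed assumptions, and the query assumes `url` holds a full URL including the scheme.

```kusto
// Constructed sample rows (not KC7 data) so the query runs in any ADX query window.
let SampleOutboundNetworkEvents = datatable(timestamp:datetime, method:string, src_ip:string, user_agent:string, url:string)
[
    datetime(2024-01-10 09:00:05), "GET",  "10.10.0.21", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "https://news.example.com/home",
    datetime(2024-01-10 09:02:11), "GET",  "10.10.0.21", "Mozilla/5.0 (Windows NT 10.0; Win64; x64)", "https://mail.example.org/inbox",
    datetime(2024-01-10 09:05:00), "POST", "10.10.0.37", "python-requests/2.31.0", "https://files.example.net/upload",
    datetime(2024-01-10 09:10:00), "POST", "10.10.0.37", "python-requests/2.31.0", "https://files.example.net/upload",
    datetime(2024-01-10 09:15:00), "POST", "10.10.0.37", "python-requests/2.31.0", "https://files.example.net/upload",
    datetime(2024-01-10 09:20:00), "GET",  "10.10.0.37", "curl/8.4.0", "https://files.example.net/status"
];
// Substrings treated as "scripted" clients; an assumption to tune per environment.
let ScriptedAgents = dynamic(["python", "curl", "powershell", "wget"]);
SampleOutboundNetworkEvents
// Reduce each URL to its host so requests group by destination, not by path.
| extend domain = tostring(parse_url(url).Host)
// Flag requests whose user agent contains one of the scripted-client terms.
| extend is_scripted = user_agent has_any (ScriptedAgents)
| summarize
    requests          = count(),
    post_requests     = countif(method == "POST"),
    scripted_requests = countif(is_scripted),
    agents            = make_set(user_agent),
    first_seen        = min(timestamp),
    last_seen         = max(timestamp)
  by src_ip, domain
// Keep only device/destination pairs that sent data out or used a scripted client.
| where post_requests > 0 or scripted_requests > 0
| sort by post_requests desc, scripted_requests desc
```

To run it against the KC7 table, drop the `datatable` definition and replace `SampleOutboundNetworkEvents` with `OutboundNetworkEvents`.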