Some attack events do not have details on the connection and appear incomplete. There may be missing Destination IP, Protocol, or Source IP information.

Some events are triggered before a connection is established or after a socket has been killed, so those details are unavailable.

• Computer Information Gathering attack events will not report connection details, as it is not a connection detection
  
  
• Untrusted SMB Connection attack events may not report Destination IP, Protocol, or Source IP
  When the first event in an attack is blocked, the socket is also killed. Any subsequent attempts to send data on the socket are caught and reported, even though the send fails.