What different actions can netconns have and what do they mean?

• Carbon Black Cloud: All Supported Versions

• ACTION_CONNECTION_CREATE: When a connection has been attempted to be created between two points.
• ACTION_CONNECTION_ESTABLISHED - This means that a connection was established between the endpoint and something else.
• ACTION_CONNECTION_CREATE_FAILED - Creating the connection failed.
• ACTION_BROWSER_CONNECT - this communicates information about a network connection in the application layer.
• ACTION_CONNECTION_DISCOVERED - discovered/heart beat connection info // Potential alert triggered by packet inspection performed by an IDS module.

More information can be found here.