IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Autonomous System Fieldsedit
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.
Autonomous System Field Detailsedit
Field | Description | Level |
---|---|---|
Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet. type: long example: |
extended |
|
Organization name. type: keyword Multi-fields: * as.organization.name.text (type: match_only_text) example: |
extended |
Field Reuseedit
The as
fields are expected to be nested at:
-
client.as
-
destination.as
-
server.as
-
source.as
-
threat.enrichments.indicator.as
-
threat.indicator.as
Note also that the as
fields are not expected to be used directly at the root of the events.