IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Agent Fields Client Fields »
Elastic Docs Elastic Common Schema (ECS) Reference [8.8] ECS Field Reference

Autonomous System Fields

edit

Autonomous System Fields

edit

An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.

Autonomous System Field Details

edit
Field Description Level

as.number

Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.

type: long

example: 15169

extended

as.organization.name

Organization name.

type: keyword

Multi-fields:

  • as.organization.name.text (type: match_only_text)

example: Google LLC

extended

Field Reuse

edit

The as fields are expected to be nested at:

  • client.as
  • destination.as
  • server.as
  • source.as
  • threat.enrichments.indicator.as
  • threat.indicator.as

Note also that the as fields are not expected to be used directly at the root of the events.

« Agent Fields Client Fields »