This documentation contains work-in-progress information for future Elastic Stack and Cloud releases. Use the version selector to view supported release docs. It also contains some Elastic Cloud serverless information. Check out our serverless docs for more details.
« Agent Fields Client Fields »
Elastic Docs Elastic Common Schema (ECS) Reference [master] ECS Field Reference

Autonomous System Fields

edit

Autonomous System Fields

edit

An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.

Autonomous System Field Details

edit
Field Description Level

as.number

Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.

type: long

example: 15169

extended

as.organization.name

Organization name.

type: keyword

Multi-fields:

  • as.organization.name.text (type: match_only_text)

example: Google LLC

extended

Field Reuse

edit

The as fields are expected to be nested at:

  • client.as
  • destination.as
  • server.as
  • source.as
  • threat.enrichments.indicator.as
  • threat.indicator.as

Note also that the as fields are not expected to be used directly at the root of the events.

« Agent Fields Client Fields »