Autonomous System Fields

edit

An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.

Autonomous System Field Details

edit
Field Description Level

as.number

Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.

type: long

example: 15169

extended

as.organization.name

[beta] Use of the match_only_text type in the .text multi-field is currently beta.

Organization name.

type: keyword

Multi-fields:

* as.organization.name.text (type: match_only_text)

example: Google LLC

extended

Field Reuse

edit

The as fields are expected to be nested at:

  • client.as
  • destination.as
  • server.as
  • source.as
  • threat.enrichments.indicator.as
  • threat.indicator.as

Note also that the as fields are not expected to be used directly at the root of the events.