Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New 'Autonomous System' type in 'Network Endpoint' objects #978

Closed
shellcromancer opened this issue Mar 6, 2024 · 0 comments · Fixed by #980
Closed

New 'Autonomous System' type in 'Network Endpoint' objects #978

shellcromancer opened this issue Mar 6, 2024 · 0 comments · Fixed by #980

Comments

@shellcromancer
Copy link
Contributor

The network_endpoint object currently has enrichment metadata for Geo Location but is missing another common enrichment source: Autonomous System information which can be enriched from free sources like GeoLite2 and many paid as well. These fields are useful for threat hunting in network logs and attributing IPs to their owners and would be helpful in the common schema.

These exist in ECS as well.
shellcromancer added a commit to shellcromancer/ocsf-schema that referenced this issue Mar 8, 2024
@shellcromancer
feat: add autonomous_system object to network_endpoint
47384ec 
Closes ocsf#978
shellcromancer added a commit to shellcromancer/ocsf-schema that referenced this issue Mar 8, 2024
@shellcromancer
feat: add autonomous_system object to network_endpoint
8abce4f 
Closes ocsf#978
@shellcromancer shellcromancer mentioned this issue Mar 8, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add autonomous_system object to network_endpoint shellcromancer/ocsf-schema
1 participant
@shellcromancer