Feature request - Community ID Flow Hashing #3948
Comments
We do have a hash function, so you can create any string and then hash it. Does
that satisfy what you are looking for? Or are you needing a specific hash
function?
David Lang
Hello David, I was originally playing around a bit with hash functions, but could not really see a way to do it. So it might be possible! There is a "pseudo code" example on the project GitHub.
Does the particular hash that you generate matter?
David Lang
Unsure what you are asking. There is a reference implementation here: That shows an example like this:
Think the technical details are here:
Feature request - Community ID Flow Hashing
Why, How & Usecase
https://github.com/corelight/community-id-spec
(Description is taken from Project page)
When processing flow data from a variety of monitoring applications (such as Zeek and Suricata), it's often desirable to pivot quickly from one dataset to another. While the required flow tuple information is usually present in the datasets, the details of such "joins" can be tedious, particularly in corner cases. This spec describes "Community ID" flow hashing, standardizing the production of a string identifier representing a given network flow, to reduce the pivot to a simple string comparison.
Suggestions for implementation
Maybe a function like ipv42num, not really sure what would be best here.
Could also be a toggle in the function
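
The following is an added example, not part of the original issue and not the Community ID project's own code: a Python sketch of the version 1 hash for port-based protocols, showing why a generic "hash any string" function is not enough on its own (the endpoints must be ordered, packed as binary in network byte order, seeded, SHA-1 hashed and base64 encoded). The names `community_id_v1` and `PROTO` are hypothetical, the flow values are constructed, and ICMP, which the spec handles with its own type mapping, is left out.

```python
import base64
import hashlib
import ipaddress
import struct

# IANA protocol numbers for the port-based transports covered here.
PROTO = {"tcp": 6, "udp": 17, "sctp": 132}


def community_id_v1(proto, saddr, daddr, sport, dport, seed=0):
    """Return the Community ID v1 string for a TCP/UDP/SCTP flow tuple."""
    src = ipaddress.ip_address(saddr)
    dst = ipaddress.ip_address(daddr)
    if src.version != dst.version:
        raise ValueError("source and destination must share an IP version")
    for port in (sport, dport):
        if not 0 <= port <= 0xFFFF:
            raise ValueError("port out of range: %r" % (port,))

    # Order the endpoints so both directions of a flow hash identically:
    # the smaller (address bytes, port) pair always goes first.
    first, second = (src.packed, sport), (dst.packed, dport)
    if second < first:
        first, second = second, first

    # seed(2) | addr | addr | proto(1) | pad(1) | port(2) | port(2),
    # all integers in network byte order.
    data = (
        struct.pack("!H", seed)
        + first[0]
        + second[0]
        + struct.pack("!BBHH", PROTO[proto], 0, first[1], second[1])
    )
    digest = hashlib.sha1(data).digest()
    return "1:" + base64.b64encode(digest).decode("ascii")


if __name__ == "__main__":
    # Constructed sample flow, seen from each side of the connection.
    print(community_id_v1("tcp", "192.0.2.10", "198.51.100.7", 49152, 443))
    print(community_id_v1("tcp", "198.51.100.7", "192.0.2.10", 443, 49152))
```

Both calls print the same identifier, which is what lets records from different sensors be joined with a plain string comparison.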