Elastic
Start free trial Contact Sales
Loading

Autonomous system fields

Elastic Stack Serverless

An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain that presents a common, clearly defined routing policy to the internet.

Autonomous system field details

Field Description Level
as.number Unique number allocated to the autonomous system. The autonomous system number (ASN) uniquely identifies each network on the Internet.

type: long

example: 15169
 extended
as.organization.name Organization name.

type: keyword

Multi-fields:

* as.organization.name.text (type: match_only_text)

example: Google LLC
 extended

Field reuse

The as fields are expected to be nested at:

  • client.as
  • destination.as
  • server.as
  • source.as
  • threat.enrichments.indicator.as
  • threat.indicator.as

Note also that the as fields are not expected to be used directly at the root of the events.