Network direction processor
The Network direction processor determines network traffic direction (inbound, outbound, internal, or external) based on source and destination IP addresses.
To determine network direction:
- Select Create → Create processor.
- Select Network direction from the Processor menu.
- Set the Source IP to the field containing the source IP address.
- Set the Destination IP to the field containing the destination IP address.
- Set the internal networks using either a list of CIDR ranges or a field containing the list.
In YAML mode, configure the network direction processor using the following parameters. For the complete Streamlang syntax, refer to the Streamlang reference.
Specify exactly one of internal_networks or internal_networks_field.
| Parameter | Type | Required | Description |
|---|---|---|---|
source_ip |
string | Yes | Field containing the source IP address. |
destination_ip |
string | Yes | Field containing the destination IP address. |
target_field |
string | No | Target field for the direction result. |
internal_networks |
string[] | One of internal_networks or internal_networks_field |
List of internal network CIDR ranges. |
internal_networks_field |
string | One of internal_networks or internal_networks_field |
Field containing the list of internal networks. |
ignore_missing |
boolean | No | When true, skip this processor if a source field is missing. |
- action: network_direction
source_ip: attributes.source.ip
destination_ip: attributes.destination.ip
target_field: attributes.network.direction
internal_networks:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"