Add network direction
The add_network_direction processor attempts to compute the perimeter-based network direction when given a source and destination IP address and a list of internal networks.
- add_network_direction:
source: source.ip
destination: destination.ip
target: network.direction
internal_networks: [ private ]
Note
Elastic Agent processors execute before ingest pipelines, which means that they process the raw event data rather than the final event sent to Elasticsearch. For related limitations, refer to What are some limitations of using processors?
| Name | Required | Default | Description |
|---|---|---|---|
source |
Yes | Source IP. | |
destination |
Yes | Destination IP. | |
target |
Yes | Target field where the network direction will be written. | |
internal_networks |
Yes | List of internal networks. The value can contain either CIDR blocks or a list of special values enumerated in the network section of Conditions. |