Describe the bug
The term network_transport is not always clear. This field is intended to identify the IP protocol identified in a network message; a more accurate and meaningful field name would be ip_protocol, and the numeric companion field ip_protocol_number.
protocol_name: Transport protocol name, udp, ip, etc.
protocol_num: IANA assigned protocol number
The parent object for these is connection_info, but we will only align with the OCSF fields and instead keep the parent object network leading to the flattened fields:
network_protocol_ver
network_protocol_ver_id
network_protocol_name
network_protocol_num
This will require lookups to map protocol_ver to protocol_ver_id and the inverse. There is an existing protocol name/num mapping that will support that mapping.
The processing pipelines, lookup data files, event definitions, indexing templates, and content pack files will have to be scanned for instances of the source fields and changes will have to be made to those fields.
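A sketch of the two-way lookups and the field migration described in the comment above, as an added example that is not the project's own pipeline code. It assumes the legacy `network_transport` value carries over into `network_protocol_name`, uses a small constructed subset of the IANA protocol numbers, assumes `ipv4`/`ipv6` labels with version IDs 4 and 6, and writes conflicts to a hypothetical `normalization_conflicts` field.

```python
# Constructed subset of the IANA "Assigned Internet Protocol Numbers" registry.
PROTO_NAME_TO_NUM = {"icmp": 1, "tcp": 6, "udp": 17, "gre": 47, "esp": 50,
                     "ipv6-icmp": 58}
PROTO_NUM_TO_NAME = {num: name for name, num in PROTO_NAME_TO_NUM.items()}

# protocol_ver <-> protocol_ver_id; labels and IDs are assumptions (4 = IPv4, 6 = IPv6).
VER_TO_ID = {"ipv4": 4, "ipv6": 6}
ID_TO_VER = {ver_id: ver for ver, ver_id in VER_TO_ID.items()}

LEGACY_FIELD = "network_transport"


def _fill_pair(event, name_key, num_key, to_num, to_name):
    """Fill whichever half of a name/number pair is missing; never guess."""
    name, num = event.get(name_key), event.get(num_key)
    if isinstance(name, str):
        name = event[name_key] = name.strip().lower()
    if isinstance(num, str) and num.strip().isdigit():
        num = event[num_key] = int(num)
    known_num = to_num.get(name) if isinstance(name, str) else None
    if num is None and known_num is not None:
        event[num_key] = known_num
    elif name is None and isinstance(num, int) and num in to_name:
        event[name_key] = to_name[num]
    elif known_num is not None and num is not None and known_num != num:
        # Both halves present but they disagree: keep both values and flag
        # the event (hypothetical field) rather than silently overwriting.
        event.setdefault("normalization_conflicts", []).append(name_key)


def normalize(event):
    """Return a copy of event using the flattened network_protocol_* fields."""
    out = dict(event)
    legacy = out.pop(LEGACY_FIELD, None)
    if legacy is not None and "network_protocol_name" not in out:
        out["network_protocol_name"] = legacy
    _fill_pair(out, "network_protocol_name", "network_protocol_num",
               PROTO_NAME_TO_NUM, PROTO_NUM_TO_NAME)
    _fill_pair(out, "network_protocol_ver", "network_protocol_ver_id",
               VER_TO_ID, ID_TO_VER)
    return out
```

An unrecognised protocol name is kept as-is with no number attached, so detections keyed on `network_protocol_num` do not match on a guessed value.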