Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SIEM] Change Autonomous System fields #43746

Closed
cwurm opened this issue Aug 22, 2019 · 2 comments
Closed

[SIEM] Change Autonomous System fields #43746

cwurm opened this issue Aug 22, 2019 · 2 comments
Assignees
@stephmilovic
Labels
Team:SIEM

Comments

@cwurm
Copy link
Contributor

cwurm commented Aug 22, 2019

We are currently using Autonomous System in two places:

  1. IP Details Overview
  2. Timeline Field Renderers

In both cases, the code looks in the autonomous_system.* fields (code references in #43649). However, ECS has now added an as.* field set (elastic/ecs#341, docs) and @andrewkroh has updated a bunch of Filebeat pipelines to use those fields (elastic/beats#13036).

So I think we should change to as.* in the SIEM app as soon as possible.
@elasticmachine
Copy link
Contributor

Pinging @elastic/siem

@stephmilovic stephmilovic self-assigned this Aug 23, 2019
@stephmilovic stephmilovic mentioned this issue Aug 23, 2019
Merged
7 tasks
@stephmilovic
Copy link
Contributor

#43925

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@stephmilovic stephmilovic

Labels
Team:SIEM
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cwurm @stephmilovic @elasticmachine