Ingest Node processor for Network Community ID

**Describe the feature**:

As a user that processes networking logs with Ingest Node, I would like to have an Ingest Node processor for populating the Elastic Common Schema (ECS) [`network.community_id`](https://www.elastic.co/guide/en/ecs/current/ecs-network.html) field. At a high level this value is a hash of the source/destination addresses and protocol.

This is a useful field for correlating all events related to the same network flow regardless of the flow direction. For example correlating Packetbeat events other network log sources.

References
- [Community ID Specification](https://github.com/corelight/community-id-spec)
- [ECS `network.community_id` field](https://www.elastic.co/guide/en/ecs/current/ecs-network.html)
- [Filebeat `community_id` processor](https://www.elastic.co/guide/en/beats/filebeat/current/community-id.html)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Ingest Node processor for Network Community ID #55685

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Ingest Node processor for Network Community ID #55685

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions