elastic / beats

:tropical_fish: Beats - Lightweight shippers for Elasticsearch & Logstash
https://www.elastic.co/products/beats

[Packetbeat] Provide vlan.id in decoded protocols #34932

Open fs1 opened 1 year ago

fs1 commented 1 year ago

Describe the enhancement: I'd like to ask you to enhance the protocol decoder (especially the DNS decoder) to additionally provide the vlan.id. In https://discuss.elastic.co/t/supplement-vlan-id-to-dns-data/328453 andrewkroh says that the network.vlan.id field in Elastic Common Schema already holds this data. He further conjectures that #12794 was in some way the reason why this data is missing.

Describe a specific use case for the enhancement or feature: Currently I send all DNS requests to our Logstash server, where the requests get analyzed. To further group this data, it would be helpful to know the vlan.id where the traffic originates from. This way, VLAN-specific detection rules can be enabled.

botelastic[bot] commented 1 year ago

This issue doesn't have a Team:<team> label.

elasticmachine commented 1 year ago

Pinging @elastic/security-external-integrations (Team:Security-External Integrations)

elasticmachine commented 9 months ago

Pinging @elastic/sec-linux-platform (Team:Security-Linux Platform)