Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added top_level_domain #572

Merged
merged 6 commits into from
Oct 3, 2019
Merged

Added top_level_domain #572

merged 6 commits into from
Oct 3, 2019

Conversation

webmat
Copy link
Contributor

@webmat webmat commented Oct 1, 2019
edited
Loading

This PR is meant to finalize the work on #542 by applying the feedback in time
for ECS 1.2.0. Thanks for getting this started, @mbudge!

Closes #542

mbudge and others added 4 commits September 6, 2019 13:39
@mbudge
Added top_level_domain
88775bd 
Added top_level_domain field so Elasticsearch users with security use cases, can identify logs where the domain has a particular suffix. For example, if a company is experiencing a spear-phishing campaign, they may want to identify all connections to .xyz or .ru domains if the attackers using these domains in their links.

Having a top_level_domain suffix will allow users to find these connections without having to index domains in text fields, so they won't need to do expensive wildcard queries - "*.ru". Instead they can just do a fast keyword search in their analytics.

Users will be able to create a unique list of top_level_domains by using if statements in Logstash pipelines/filters.
@mbudge
Removed dns top_level_domain
e703c94 
The top level domain field might not be required in the DNS group.
Apply PR elastic#542 feedback
1d84a53
Merge branch 'master' into top_level_domain
6567a84
@webmat webmat self-assigned this Oct 1, 2019
@webmat webmat added the 1.2.0 label Oct 1, 2019
MikePaquette
MikePaquette approved these changes Oct 2, 2019
View reviewed changes
Copy link
Contributor

@MikePaquette MikePaquette left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@webmat webmat merged commit 9c4f380 into elastic:master Oct 3, 2019
@mbudge mbudge mentioned this pull request Nov 17, 2019
Merged
@andrewkroh andrewkroh mentioned this pull request Mar 19, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikePaquette MikePaquette MikePaquette approved these changes

@andrewkroh andrewkroh Awaiting requested review from andrewkroh

Assignees

@webmat webmat

Labels
1.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@webmat @MikePaquette @mbudge