Community/Conversation IDs
Community ID
EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE
Specifies whether flow records should be enriched with a Community ID value.
For more information on community IDs see https://github.com/corelight/community-id-spec.
- Valid Values
true, false
- Default
true
EF_PROCESSOR_ENRICH_COMMUNITYID_SEED
A 16-bit value used as the seed for determining the Community ID of a flow record.
- Default
0
Conversation ID
EF_PROCESSOR_ENRICH_CONVERSATIONID_ENABLE
Specifies whether flow records should be enriched with a Conversation ID value. This value is similar to a Community ID (see EF_PROCESSOR_ENRICH_COMMUNITYID_ENABLE). However, rather than being based on the src/dst relationship of two endpoints, it is based on the client/server perspective. While multiple unique sessions (i.e. a unique client-side port for each session) will each have their own Community ID, they will share the same Conversation ID. This provides greater flexibility when exploring a complex flow dataset.
- Valid Values
true, false
- Default
true
EF_PROCESSOR_ENRICH_CONVERSATIONID_SEED
A 16-bit value used as the seed for determining the Conversation ID of a flow record.
- Default
0
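The difference between the two IDs described above, as an added example that is not ElastiFlow's own code. `community_id` follows Community ID v1 for TCP/UDP from the linked corelight spec; `conversation_key` is a hypothetical stand-in (the same hash without the client port) used only to show the grouping behaviour, since this page does not document how the Conversation ID is computed. The flow records are constructed.

```python
import base64
import hashlib
import ipaddress
import struct

TCP = 6

def _b64_sha1(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def community_id(src_ip, src_port, dst_ip, dst_port, proto, seed=0):
    """Community ID v1 for TCP/UDP, following the corelight spec."""
    a = (ipaddress.ip_address(src_ip).packed, src_port)
    b = (ipaddress.ip_address(dst_ip).packed, dst_port)
    if b < a:  # order endpoints so both directions hash identically
        a, b = b, a
    data = (struct.pack("!H", seed) + a[0] + b[0]   # seed is 16-bit
            + struct.pack("!BBHH", proto, 0, a[1], b[1]))
    return "1:" + _b64_sha1(data)

def conversation_key(client_ip, server_ip, server_port, proto, seed=0):
    """HYPOTHETICAL grouping key: same inputs minus the client port."""
    data = (struct.pack("!H", seed)
            + ipaddress.ip_address(client_ip).packed
            + ipaddress.ip_address(server_ip).packed
            + struct.pack("!BBH", proto, 0, server_port))
    return "conv:" + _b64_sha1(data)

# Constructed sample records: (src_ip, src_port, dst_ip, dst_port, client_ip)
FLOWS = [
    ("10.0.0.5", 50001, "192.0.2.10", 443, "10.0.0.5"),   # session 1, request
    ("192.0.2.10", 443, "10.0.0.5", 50001, "10.0.0.5"),   # session 1, reply
    ("10.0.0.5", 50002, "192.0.2.10", 443, "10.0.0.5"),   # session 2, request
]

def enrich(flows, seed=0):
    """Return (community_id, conversation_key) for each flow record."""
    out = []
    for src, sport, dst, dport, client in flows:
        server, server_port = (dst, dport) if client == src else (src, sport)
        out.append((community_id(src, sport, dst, dport, TCP, seed),
                    conversation_key(client, server, server_port, TCP, seed)))
    return out

if __name__ == "__main__":
    for cid, conv in enrich(FLOWS):
        print(cid, conv)
```

Tools that correlate on Community ID (for example joining flow records with IDS or Zeek logs) must all use the same seed, because a different seed yields a different ID for the same flow.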