# Rare Autonomous System Identifying network traffic to or from a rare Autonomous System (AS) is crucial in network security and management. An Autonomous System is a distinct network or group of networks under a common administration that shares a common routing policy. Traffic involving a rare AS, which is not typically observed in normal network operations, can be indicative of several potential issues. These can range from inadvertent misconfigurations in routing settings to more serious concerns like attempts at data exfiltration, unauthorized access, or a precursor to cyber-attacks. Early detection of such anomalies allows network administrators to investigate and address these irregularities promptly, thereby preventing potential security breaches and ensuring the integrity of the network. ElastiFlow provides a collection of anomaly detection jobs designed to identify network traffic to/from a rare Autonomous System comprises various tools and methods focusing on analyzing network traffic patterns. ## Attributes | Attribute | Information | | ------------ | ----------- | | **Analysis** | temporal | ## Downloads | Schema | Endpoint | Link | | --------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **CODEX** | **client** | [elastiflow\_codex\_netsec\_rare\_asn\_client](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_activity/netsec_rare_asn_client.json) | | **CODEX** | **server** | [elastiflow\_codex\_netsec\_rare\_asn\_server](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/codex/netsec_activity/netsec_rare_asn_server.json) | | **ECS** | **client** | [elastiflow\_ecs\_netsec\_rare\_asn\_client](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_activity/netsec_rare_asn_client.json) | | **ECS** | **server** | [elastiflow\_ecs\_netsec\_rare\_asn\_server](https://github.com/elastiflow/elastiflow_for_elasticsearch/raw/master/ml/ecs/netsec_activity/netsec_rare_asn_server.json) | By implementing this collection of anomaly detection jobs, network administrators can quickly identify and respond to unusual network traffic involving rare Autonomous Systems. This proactive approach is critical in mitigating potential threats and maintaining the overall security and efficiency of the network. Timely identification and investigation of such anomalies help ensure that the network remains robust against both inadvertent misconfigurations and deliberate malicious activities. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.elastiflow.com/data_platforms/elastic/ml/netsec/netsec_activity/rare_asn.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.