Skip to main content

Community/Conversation IDs

EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE#

Specifies whether flow records should be enriched with a Community ID value.

note

For more information on community IDs see https://github.com/corelight/community-id-spec.

  • Valid Values
    • true, false
  • Default
    • true

EF_FLOW_DECODER_ENRICH_COMMUNITYID_SEED#

A 16-bit value used as the seed for determining the Community ID of a flow record.

  • Default
    • 0

Conversation ID#

EF_FLOW_DECODER_ENRICH_CONVERSATIONID_ENABLE#

Specifies whether flow records should be enriched with a Conversation ID value. This value is similar to a community ID (see... EF_FLOW_DECODER_ENRICH_COMMUNITYID_ENABLE). However rather than being based on the src/dst relationship of two endpoints, it is based on the client/server perspective. While two related unidirectional flows, e.g. an HTTP request and the corresponding HTTP response, will have different community IDs. Both of these flows will have the same conversation ID. This provides greater flexibility when exploring a complex flow dataset.

  • Valid Values
    • true, false
  • Default
    • true

EF_FLOW_DECODER_ENRICH_CONVERSATIONID_SEED#

A 16-bit value used as the seed for determining the Conversation ID of a flow record.

  • Default
    • 0