Skip to content

community_id

Computes the Community ID for a network connection/flow.

community_id(src_ip=ip, dst_ip=ip, proto=string,
             [src_port=int, dst_port=int, seed=int]) -> str

Description

Section titled “Description”

The community_id function computes a unique hash digest of a network connection according to the Community ID spec. The digest is useful for pivoting between multiple events that belong to the same connection.

The src_ip and dst_ip parameters are required. The proto string is also required and must be tcp, udp, icmp or icmp6. src_port and dst_port may only be specified if the other one is. seed can be used to set the initial hashing seed.

Examples

Section titled “Examples”

Compute a Community ID from a flow 5-tuple

Section titled “Compute a Community ID from a flow 5-tuple”
from {
  x: community_id(src_ip=1.2.3.4, src_port=4584, dst_ip=43.3.132.3,
                  dst_port=3483, proto="tcp")
}
{x: "1:koNcqhFRD5kb254ZrLsdv630jCM="}

Compute a Community ID from a host pair

Section titled “Compute a Community ID from a host pair”

Because source and destination port are optional, it suffices to provide two IP addreses to compute a valid Community ID.

from {x: community_id(src_ip=1.2.3.4, dst_ip=43.3.132.3, proto="udp")}
{x: "1:7TrrMeH98PrUKC0ySu3RNmpUr48="}

Last updated: