What Changed

Restructured Corelight workbooks and added new asset classification capabilities, including a dedicated parser, workbook tab, and supporting infrastructure for enhanced network asset discovery and security monitoring.

Technical Details

  • New asset classification parser: Added corelight_asset_classification.yaml for parsing device discovery data
  • Workbook reorganization: Restructured dashboard layout with new Asset Classification tab in Data Explorer
  • Enhanced device visibility: Classification covers device type, OS detection, brand/model identification, and confidence scoring
  • Parser improvements: Updated corelight_conn and corelight_conn_agg parsers with boolean casting for local_orig/local_resp fields

Asset Classification Features

The new asset classification functionality provides:

  • Device fingerprinting: Automatic identification of device types (computer, laptop, etc.)
  • OS detection: Operating system name and version identification
  • Network mapping: MAC address and vendor correlation
  • Confidence scoring: Reliability metrics for classification accuracy
  • Multi-source correlation: Combines data from DHCP, HTTP, and other network sources

This enhances network security monitoring by providing better asset inventory and device identification capabilities for threat hunting and incident response activities.

Affected Files

.script/tests/KqlvalidationsTests/CustomTables/Corelight_v2_asset_classification_CL.json
Sample Data/Corelight/Corelight_v2_asset_classification_CL.json
Solutions/Corelight/Package/testParameters.json
Solutions/Corelight/Parsers/corelight_asset_classification.yaml
Solutions/Corelight/Parsers/corelight_conn.yaml
Solutions/Corelight/Parsers/corelight_conn_agg.yaml
Solutions/Corelight/Workbooks/Corelight.json
Solutions/Corelight/Workbooks/Corelight_AWS_VPC_Flow.json
Solutions/Corelight/Workbooks/Corelight_Alert_Aggregations.json
Solutions/Corelight/Workbooks/Corelight_Data_Explorer.json
Solutions/Corelight/Workbooks/Corelight_Data_Insights.json
Solutions/Corelight/Workbooks/Corelight_Operations.json
Solutions/Corelight/Workbooks/Corelight_Security_Workflow.json
Solutions/Corelight/Workbooks/Corelight_Sensor_Overview.json
Workbooks/Images/Preview/CorelightDataInsightsBlack1.png
Workbooks/Images/Preview/CorelightDataInsightsBlack2.png
Workbooks/Images/Preview/CorelightDataInsightsBlack3.png
Workbooks/Images/Preview/CorelightDataInsightsWhite1.png
Workbooks/Images/Preview/CorelightDataInsightsWhite2.png
Workbooks/Images/Preview/CorelightDataInsightsWhite3.png
Workbooks/WorkbooksMetadata.json
(packaging artefacts: 3.2.5.zip, ReleaseNotes.md, Solution_Corelight.json, createUiDefinition.json, mainTemplate.json)