This is an old post so a known issue. I think folks using ES app or using Splunk as a SIEM and almost any US Govt supplier will need most of that 'extra' info for any IT sec forensic analysis. Most all US Govt suppliers are subject to NIST now and CMMC coming in 2024. I would imagine HIPAA, SOX, GDPR, GLBA, and CCPA companies' systems will need that as well. It is noisy, but attacks are very often using non-standard ports to transfer information/data to/from an outside host like ICMP, SSH, and RDP, as most application-level IDS/IPS are looking at 80/443 inspection. For general SMB and Small Enterprise this is probably viable in some respects though.
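As an added illustration of the point about egress over non-standard channels (example code, not from this thread, Splunk or any ES app), the following Python scans constructed firewall-style log lines for SSH, RDP or bulk ICMP to an outside host, and counts lines that can no longer be judged once the 'extra' fields (protocol, destination port, bytes out) are dropped. The key=value field names, the byte threshold and the sample addresses are all assumptions.

```python
import ipaddress
import re

# Constructed firewall-style log lines, not from the thread. The last line has the
# 'extra' fields (proto, dport, bytes_out) stripped, as a trimmed-down log would.
SAMPLE_LOGS = """\
src=10.1.2.15 dst=203.0.113.9 proto=tcp dport=443 bytes_out=5120 action=allow
src=10.1.2.15 dst=203.0.113.9 proto=tcp dport=22 bytes_out=734003200 action=allow
src=10.1.2.40 dst=10.1.5.7 proto=tcp dport=3389 bytes_out=2048 action=allow
src=10.1.2.40 dst=198.51.100.77 proto=tcp dport=3389 bytes_out=4096 action=allow
src=10.1.2.88 dst=192.0.2.33 proto=icmp dport=0 bytes_out=9437184 action=allow
src=10.1.2.88 dst=192.0.2.33 proto=udp dport=53 bytes_out=512 action=allow
src=10.1.2.99 dst=203.0.113.50 action=allow
"""

KV_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"src", "dst", "proto", "dport", "bytes_out"}
# RFC 1918 plus loopback; any other destination is treated as an outside host.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
WATCHED_TCP = {22: "ssh", 3389: "rdp"}  # the channels the comment calls out

def is_external(ip):
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def flag_egress(logs, icmp_bytes_threshold=1_000_000):
    """Flag SSH/RDP to an outside host, or ICMP carrying more than the
    threshold of bytes out. Lines missing the required fields are counted
    as unevaluable rather than silently treated as clean."""
    findings, unevaluable = [], 0
    for line in logs.splitlines():
        ev = dict(KV_RE.findall(line))
        if not REQUIRED.issubset(ev):
            unevaluable += 1
            continue
        if not is_external(ev["dst"]):
            continue
        proto, dport, out = ev["proto"], int(ev["dport"]), int(ev["bytes_out"])
        channel = None
        if proto == "tcp" and dport in WATCHED_TCP:
            channel = WATCHED_TCP[dport]
        elif proto == "icmp" and out > icmp_bytes_threshold:
            channel = "icmp"
        if channel:
            findings.append({"src": ev["src"], "dst": ev["dst"],
                             "channel": channel, "bytes_out": out})
    return {"findings": findings, "unevaluable": unevaluable}
```

Internal RDP (10.1.2.40 to 10.1.5.7) and ordinary 443/DNS traffic pass; the trimmed last line is reported as unevaluable, which is the practical cost of dropping those fields.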