So, there is this variable called "src_ip" in my correlation search. The "src_ip" field holds more than 5000+ IP addresses. What I am doing is matching these IP addresses, which should not be in a particular CIDR range, using the cidrmatch function, which works perfectly. Now, coming to the part where I need your help. Solutions which I have searched over the forum tell me to create a lookup table and look through it. So, I have created a lookup table named "match_cidr.csv". This csv/lookup file consists of more than 100+ CIDR blocks under a variable called cidr_match_src_ip. What I have tried is looking into this via this command:

```spl
| tstats summariesonly=true allow_old_summaries=true
    values(IDS_Attacks.dest) as "dest" dc(IDS_Attacks.dest) as "count"
    values(IDS_Attacks.signature) as signature
    from datamodel="Intrusion_Detection"."IDS_Attacks"
    where IDS_Attacks.severity!="informational"
    by "IDS_Attacks.src" "IDS_Attacks.severity"
| rename "IDS_Attacks.src" as "src" "IDS_Attacks.severity" as severity
```

(Part where I want to input a lookup table.)
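One way to feed the CIDR list into that search, as an added example (not code from the original post): it assumes a lookup definition named match_cidr has been created over match_cidr.csv in transforms.conf with `match_type = CIDR(cidr_match_src_ip)`, so Splunk's lookup command does the CIDR comparison itself instead of expanding 100+ cidrmatch calls; the hypothetical field matched_cidr is filled with the matching block or left empty.

```spl
| tstats summariesonly=true allow_old_summaries=true
    values(IDS_Attacks.dest) as dest dc(IDS_Attacks.dest) as count
    values(IDS_Attacks.signature) as signature
    from datamodel=Intrusion_Detection.IDS_Attacks
    where IDS_Attacks.severity!="informational"
    by IDS_Attacks.src IDS_Attacks.severity
| rename IDS_Attacks.src as src IDS_Attacks.severity as severity
| lookup match_cidr cidr_match_src_ip as src OUTPUTNEW cidr_match_src_ip as matched_cidr
| where isnull(matched_cidr)
| fields - matched_cidr
```

The `where isnull(matched_cidr)` line keeps only sources that fall outside every block in the lookup; use `isnotnull(matched_cidr)` instead to keep the sources that do fall inside one.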