
Filtering CIDR in Netwitness Informer

Question asked by RSA Admin Employee on Apr 28, 2015
Latest reply on Apr 28, 2015 by Deepanshu Sood

Hi,

 

I am working on an Informer Report, and for the query I am trying to filter based on IP range in Informer.

I wanted to confirm if CIDR based filtering is possible?

 

Query:

ip.src!='$WEBTIER'                    (in WHERE query)

 

or

 

filter_out('$WEBTIER', 'ip.src');    (in THEN Field)

 

I know != is expensive and hence I prefer the second option, filter_out(); however, none of them are working.

 

$WEBTIER is a list of CIDRs

 

10.x.x.x/23,

11.x.x.x/36,

125.x.x.x

Currently, in either of the options above, the result is not filtering the IPs that fall in that CIDR.

Any help is greatly appreciated.

Thanks,

Uma
