
Custom feeds and IP addresses

Question asked by Michael Pochan on May 2, 2017
Latest reply on May 3, 2017 by Michael Pochan

For packet decoders running 10.6.2.0, is it possible in some way to specify which IPv4 meta fields the values from the index column will be placed in? For instance, we're putting together a list of our vulnerability scanners to whitelist. Because we selected 'IP', we don't have the option to specify which IPv4 meta fields this matches against.

 

Am I correct in assuming this will match against all traffic where either the ip.src or ip.dst matches an IPv4 value in the index column? It would be nice just to specify ip.src (don't care about return traffic).

 

Also, what about custom IPv4 meta fields? We have one called client.ip. Will Netwitness include this field when comparing values in the index column or is it ignored since it's not a standard meta key?

 

Thanks. 
