-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WhiteList IP Range 10.0.0.0/8 #910
Comments
Hi @kay07949 The above query seems to be the correct and filtering all the IP ranges in my environments. Here is the query I compiled with sample data from all of the specified IP ranges from allowlist.
Query Results: |
thanks this works! |
Closing as no further action required. |
Hi,
i am trying to whitelist the ip range 10.0.0.0/8 using the technique below:
let lookup=toscalar(datatable(ip_range:string) ["10.0.0.0/8","199.207.253.101/32","199.207.253.96/32","199.206.0.5/32","199.206.8.26/32"] | summarize l=make_set(ip_range));
let AllSourceIps = materialize(
AzureActivity
| where OperationName =~ "List Storage Account Keys"
| distinct CallerIpAddress
);
let MatchedIps = AllSourceIps
| mv-apply l=lookup to typeof(string) on
(
where ipv4_is_match (CallerIpAddress, l)
);
let ListStorageAccountKeys =
AzureActivity
| where OperationName =~ "List Storage Account Keys"
| where CallerIpAddress !in ((MatchedIps))
| distinct OperationName;
However this doesn't appear to work. It whitelist the other ranges specified except the 10.0.0.0/8 . Please help!
The text was updated successfully, but these errors were encountered: