1

有没有办法在 kusto 中使用 CIDR 范围?下面的代码只有在我删除 /24 时才有效。

let whiteList = dynamic (["192.168.2.0/24", "192.168.1.0/24"]);  // setup a whitelist of range IP
OfficeActivity
| where Operation == "MailboxLogin" 
| where ClientIP in (whiteList)
| summarize count=count() by UserId

请问有什么解决办法吗?

4

3 回答 3

1

你可以使用这个:

let WhiteList= @'^192\.168\.1|^192\.168\.2'; // put your internal networks
OfficeActivity
| where Operation == "MailboxLogin" 
| extend IswhiteList = iff(ClientIP matches regex WhiteList,"whiteList" ,"none" )
| where IswhiteList == "whiteList"
| summarize count=count() by UserId
于 2020-11-03T08:36:24.507 回答
0

此处列出的更多 IPv4 功能:

https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/scalarfunctions#ip-v4-functions

于 2020-05-12T05:39:35.807 回答
0

看看 parse_ipv4()

https://docs.microsoft.com/en-us/azure/kusto/query/parse-ipv4function

看起来它应该做你需要的。

于 2020-03-26T16:10:10.467 回答