Query using BETWEEN clause for Address (like 172.34.23.0 to 172.34.23.255)

Document created by shahnawaz on Mar 1, 2015
Version 1

For Internal



name = "traffic: deny" AND deviceVendor = "Fortinet" AND ( ( ( sourceAddress BETWEEN "172.16.0.0" AND "172.31.255.255" ) OR ( sourceAddress STARTSWITH "192.168." ) OR ( sourceAddress STARTSWITH "10." ) ) ) _deviceGroup IN ["*****"] | where sourceAddress is not null | top sourceAddress



For External



deviceVendor = "Fortinet" AND name = "traffic: deny" AND NOT (sourceAddress BETWEEN "172.16.0.0" AND "172.31.255.255") AND NOT (sourceAddress STARTSWITH "192.168.") AND NOT (sourceAddress STARTSWITH "10.") _deviceGroup IN ["******"] |  where sourceAddress is not null | top sourceAddress
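To sanity-check the internal/external split offline, the following added example (not part of the original document) models the three predicates in Python and runs them over constructed sample events that sit on the range boundaries. It assumes BETWEEN compares addresses numerically and inclusively; `is_internal`, `top_sources` and the sample events are hypothetical names and data.

```python
import ipaddress
from collections import Counter

# The three predicates from the queries above, modelled in Python.
RANGE_LO = ipaddress.IPv4Address("172.16.0.0")
RANGE_HI = ipaddress.IPv4Address("172.31.255.255")
PREFIXES = ("192.168.", "10.")


def is_internal(source_address):
    """True when the address matches the BETWEEN range or a STARTSWITH prefix."""
    addr = ipaddress.IPv4Address(source_address)
    in_range = RANGE_LO <= addr <= RANGE_HI  # assumed numeric BETWEEN, inclusive
    return in_range or source_address.startswith(PREFIXES)


def top_sources(events, internal):
    """Emulate `where sourceAddress is not null | top sourceAddress` for one side."""
    counts = Counter(
        e["sourceAddress"]
        for e in events
        if e.get("sourceAddress") and is_internal(e["sourceAddress"]) == internal
    )
    return counts.most_common()


# Constructed sample deny events, chosen to sit on the range boundaries.
SAMPLE_EVENTS = [
    {"sourceAddress": "172.16.0.0"},
    {"sourceAddress": "172.31.255.255"},
    {"sourceAddress": "172.31.255.255"},
    {"sourceAddress": "172.15.255.255"},   # just below the private range
    {"sourceAddress": "172.32.0.0"},       # just above the private range
    {"sourceAddress": "192.168.1.20"},
    {"sourceAddress": "19.168.1.20"},      # public, differs from 192.168. by one digit
    {"sourceAddress": "10.1.2.3"},
    {"sourceAddress": "100.64.0.1"},       # does not start with "10."
    {"sourceAddress": None},               # dropped by the null filter
]

if __name__ == "__main__":
    print("internal:", top_sources(SAMPLE_EVENTS, internal=True))
    print("external:", top_sources(SAMPLE_EVENTS, internal=False))
```

Every non-null address lands on exactly one side, so the two result sets together should account for all deny events with a source address.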



________________________________________________________________________________________________________


Please share if you have a better query.
