Pinned topic Pulling all destination IPs from certain offenses
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
I want to get all of the destination IPs for "Action black listed" offenses in a search so that I can export them to a CSV file. Is there a way to do this?-------Posted BY Derek
Updated on 2012-11-27T18:11:28Z at 2012-11-27T18:11:28Z by SystemAdmin
SystemAdmin 110000D4XK184 Posts
Re: I assume you have a created a2012-11-27T18:11:28ZThis is the accepted answer. This is the accepted answer.I assume you have a created a Custom Rule to generate an offense when "Action Black listed" occurs. If not, let me know and I can help you on how to build that rule.
If you have, then you can go into the Log Activity tab, add a filter that defines "Matched Custom Rule NAME OF YOUR RULE". Then simply apply the time frame you are interested in and Group by Destination IP. You can export directly from that screen under the Actions Menu or save the search for use in the Reporting Engine.
Posted By scott.vanwart