  • Latest Post - ‏2012-11-27T18:11:28Z by SystemAdmin
SystemAdmin

Pinned topic Pulling all destination IPs from certain offenses

‏2012-07-25T20:54:47Z |
I want to get all of the destination IPs for "Action black listed" offenses in a search so that I can export them to a CSV file. Is there a way to do this?
Posted By Derek
  • SystemAdmin

    Re: I assume you have created a

    ‏2012-11-27T18:11:28Z  
    I assume you have created a Custom Rule to generate an offense when "Action Black listed" occurs. If not, let me know and I can help you on how to build that rule.

    If you have, then you can go into the Log Activity tab, add a filter that defines "Matched Custom Rule NAME OF YOUR RULE". Then simply apply the time frame you are interested in and Group by Destination IP. You can export directly from that screen under the Actions Menu or save the search for use in the Reporting Engine.
    Posted By scott.vanwart
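
Added example, not part of the original posts: if the search is exported without grouping, the CSV holds one row per event, and the short script below reduces it to one validated row per destination IP with an event count. The column name `Destination IP`, the function names and the sample rows are assumptions constructed for illustration; adjust the column name to match the header of your own export.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample of an ungrouped event export (header names are assumed).
SAMPLE_EXPORT = """\
Event Name,Source IP,Destination IP,Start Time
Action black listed,10.0.0.5,203.0.113.7,2012-07-25 20:01:11
Action black listed,10.0.0.9,203.0.113.7,2012-07-25 20:03:40
Action black listed,10.0.0.5,198.51.100.23,2012-07-25 20:04:02
Action black listed,10.0.0.7,N/A,2012-07-25 20:05:19
Action black listed,10.0.0.7,198.51.100.23 ,2012-07-25 20:06:55
Action black listed,10.0.0.8,192.168.1.20,2012-07-25 20:07:30
"""


def destination_counts(csv_text, column="Destination IP"):
    """Return (Counter of valid destination IPs, list of rejected raw values)."""
    counts, rejected = Counter(), []
    reader = csv.DictReader(io.StringIO(csv_text))
    if column not in (reader.fieldnames or []):
        raise KeyError(f"column {column!r} not found in export header")
    for row in reader:
        raw = (row[column] or "").strip()
        try:
            # Normalise through ipaddress so malformed cells are not carried along.
            counts[str(ipaddress.ip_address(raw))] += 1
        except ValueError:
            rejected.append(raw)
    return counts, rejected


def to_csv(counts):
    """Render one row per unique destination, most frequent first."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["destination_ip", "event_count"])
    for ip, n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        writer.writerow([ip, n])
    return out.getvalue()


if __name__ == "__main__":
    counts, rejected = destination_counts(SAMPLE_EXPORT)
    print(to_csv(counts), end="")
    print(f"skipped {len(rejected)} row(s) without a valid IP: {rejected}")
```
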