Kdixon01

Reference sets and CIDR range in QRadar question

2014-02-17T19:55:33Z

Is it possible to use CIDR ranges in a reference set for better log searches? 

The reference set would contain some known Akamai IP ranges; when I want to filter out "Akamai", I would then use Reference Set --> Destination IP --> Does not exist in any of --> Akamai.

Or do I have to enumerate out the entire range and populate it like that? 

  • QRNinja

    Re: Reference sets and CIDR range in QRadar question

    ‏2014-02-18T19:36:37Z  

    I've added the CDN repositories you are talking about, and other well-known update sites like apple.com or updates.microsoft.com, to the trusted networks in the Remote Networks config. When you need to exclude them from reports or searches, you can select "Remote Network" as a filter to exclude them. From my understanding, you cannot use CIDR ranges in Reference Sets.
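
The enumeration fallback raised in the question, as an added example that is not part of the original thread: a Python script that expands CIDR ranges into one address per line, ready to be loaded into a reference set by whatever import method the deployment uses. The sample ranges are constructed (RFC 5737 documentation blocks, not real Akamai ranges), and the size cap, function names and output file name are assumptions.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation blocks, not real CDN ranges.
# The second entry overlaps the first; the last is a single host.
SAMPLE_CIDRS = ["192.0.2.0/28", "192.0.2.8/29", "198.51.100.4/30", "203.0.113.7"]

# Assumed safety cap so that a stray /8 does not produce millions of entries.
MAX_ENTRIES = 100_000


def expand_cidrs(cidrs, max_entries=MAX_ENTRIES):
    """Return every IPv4 address covered by the given CIDR ranges, once each."""
    networks = []
    for item in cidrs:
        item = item.strip()
        if not item or item.startswith("#"):
            continue  # skip blank lines and comments in a range list
        # strict=False tolerates entries with host bits set, e.g. 192.0.2.5/28
        networks.append(ipaddress.IPv4Network(item, strict=False))
    # Merge overlapping and adjacent ranges so no address is emitted twice.
    merged = list(ipaddress.collapse_addresses(networks))
    total = sum(net.num_addresses for net in merged)
    if total > max_entries:
        raise ValueError(f"{total} addresses exceeds the cap of {max_entries}")
    # Iterating a network yields all addresses, including network/broadcast,
    # which is what an exact-match lookup on Destination IP needs.
    return [str(ip) for net in merged for ip in net]


def write_import_file(path, addresses):
    """Write one address per line and return the number of lines written."""
    with open(path, "w", encoding="ascii") as handle:
        for address in addresses:
            handle.write(address + "\n")
    return len(addresses)


if __name__ == "__main__":
    entries = expand_cidrs(SAMPLE_CIDRS)
    # Hypothetical output file name; the import step itself is not shown.
    count = write_import_file("akamai_reference_set.txt", entries)
    print(f"wrote {count} addresses")
```

The expanded list goes stale whenever the provider changes its ranges, so the expansion has to be re-run and the set reloaded on a schedule.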