Azure Sentinel: CIDR matching 

KQL has some IPv4 features. A new one last month is ipv4_is_match: https://docs.microsoft.com/en-us/azure/kusto/query/ipv4-is-matchfunction

Two examples (more here: https://github.com/CliveW-MSFT/KQLpublic/blob/master/Queries/CIDRexamples):

1. Using the SigninLogs table as data. This example takes an IP address from the log and checks whether it is in an allowed range or not. You define what's allowed or not in the CASE…
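An added example of the check described above, not taken from the original post or the linked repository. The CIDR ranges, labels and sample rows are constructed for illustration, and a datatable stands in for SigninLogs so the query runs without workspace data.

```kql
// Constructed sample rows standing in for SigninLogs.
// Addresses come from the RFC 5737 / RFC 3849 documentation ranges.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, IPAddress:string)
[
    datetime(2020-01-10 09:00:00), "alice@contoso.example", "192.0.2.14",      // inside 192.0.2.0/24
    datetime(2020-01-10 09:05:00), "bob@contoso.example",   "198.51.100.20",   // inside 198.51.100.0/25
    datetime(2020-01-10 09:07:00), "bob@contoso.example",   "198.51.100.200",  // same /24, but outside the /25
    datetime(2020-01-10 09:10:00), "carol@contoso.example", "203.0.113.77",    // matches no listed range
    datetime(2020-01-10 09:12:00), "dave@contoso.example",  "2001:db8::10",    // IPv6, cannot be tested with ipv4_is_match
    datetime(2020-01-10 09:15:00), "erin@contoso.example",  ""                 // no address recorded
];
SampleSignins
| extend RangeStatus = case(
    // case() returns the first branch whose predicate is true, so order matters.
    isempty(IPAddress),                           "Unknown: no IP logged",
    // parse_ipv4() returns null for anything that is not a valid IPv4 string;
    // catch those rows here instead of letting them fall through to "Not allowed".
    isnull(parse_ipv4(IPAddress)),                "Unknown: not IPv4",
    // Assumed allow-list: each CIDR range gets its own label.
    ipv4_is_match(IPAddress, "192.0.2.0/24"),     "Allowed: office",
    ipv4_is_match(IPAddress, "198.51.100.0/25"),  "Allowed: VPN",
    // Default branch: a valid IPv4 address outside every listed range.
    "Not allowed")
| project TimeGenerated, UserPrincipalName, IPAddress, RangeStatus
| order by TimeGenerated asc
```

To run it against real data, replace SampleSignins with SigninLogs, which carries the same IPAddress column.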
