How do I triage an entire subnet or multiple hosts/IPs?

Custom triage filters can be applied to a single source hostname (the default) or to multiple sources at once. To apply a filter to multiple sources, select "IP Addresses" in the drop-down under "Filter Applies To".


After selecting “IP Addresses”, you can enter an IP range in CIDR notation. Alternatively, by selecting the option to enter comma-separated data, you can define multiple networks and/or IPs.

Additional filter conditions can be defined based on the detection type that is being addressed.
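
A triage filter scoped to a list of networks is only as accurate as the list, so it helps to check the comma-separated value before pasting it in. The following is an added example, not part of the product or of this article: the function names and sample addresses are constructed, and because the exact syntax the filter field accepts is not described here, the script assumes plain IPs and CIDR networks separated by commas.

```python
import ipaddress

def parse_filter_scope(text):
    """Parse comma-separated IPs/CIDR networks (assumed input format).

    Returns (collapsed_networks, errors). Overlapping or adjacent entries
    are merged so the real coverage of the filter is easy to review.
    """
    networks, errors = [], []
    for raw in text.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set (10.30.1.9/24),
            # which usually indicates a typo in the intended range.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append(f"{entry}: {exc}")
    # collapse_addresses() cannot mix IPv4 and IPv6, so merge per version.
    collapsed = []
    for version in (4, 6):
        same = [n for n in networks if n.version == version]
        collapsed.extend(ipaddress.collapse_addresses(same))
    return collapsed, errors

def covered_addresses(networks):
    """Total number of addresses the filter scope would match."""
    return sum(n.num_addresses for n in networks)

def in_scope(host, networks):
    """True if a single host IP falls inside the filter scope."""
    addr = ipaddress.ip_address(host)
    return any(addr.version == n.version and addr in n for n in networks)

# Constructed sample input: two adjacent /24s, a host already inside one of
# them, a standalone host, and two malformed entries.
SAMPLE = "10.20.0.0/24, 10.20.1.0/24, 10.20.0.15, 192.168.5.7, 10.30.1.9/24, 300.1.1.1"

if __name__ == "__main__":
    nets, errs = parse_filter_scope(SAMPLE)
    print("Scope:", ", ".join(str(n) for n in nets))
    print("Addresses covered:", covered_addresses(nets))
    for e in errs:
        print("Rejected:", e)
    for host in ("10.20.1.200", "10.20.2.1"):
        print(host, "in scope" if in_scope(host, nets) else "NOT in scope")
```
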
