Document:Cortex XDR™ XQL Language Reference

incidr

Search the Table of Contents

copyright
- copyright
Get Started with XQL
Stages Commands Reference
- Alter
- Arrayexpand
- Bin
- Comp
  - avg
  - count
  - count_distinct
  - earliest
  - first
  - last
  - latest
  - list
  - max
  - min
  - sum
  - values
- Config
  - case_sensitive
  - timeframe
- Dedup
- Fields
- Filter
- Join
- Iploc
- Limit
- Replacenull
- Sort
- Target
- Union
- View
XQL Functions Reference
- add
- arrayconcat
- arraycreate
- arraydistinct
- arrayfilter
- arrayindex
- arrayindexof
- array_length
- arraymap
- arraymerge
- arrayrange
- arraystring
- coalesce
- concat
- current_time
- divide
- extract_time
- format_string
- format_timestamp
- floor
- if
- incidr
- incidrlist
- json_extract
- json_extract_array
- json_extract_scalar
- len
- lowercase
- multiply
- object_create
- parse_timestamp
- pow
- regextract
- replace
- replex
- round
- split
- string_count
- subtract
- timestamp_diff
- timestamp_seconds
- to_boolean
- to_float
- to_integer
- to_json_string
- to_number
- to_string
- to_timestamp
- trim
- uppercase

incidr

Cortex XDR XQL incidr() function accepts an IP address, and an IP range in CIDR format, and returns true if the address is in range.

Synopsis

incidr(<IP_address>, <CIDR_range>)

Description

The

incidr()

function accepts an IP address, and an IP range using CIDR notation, and returns

true

if the address is in range.

The first parameter must contain an IP address contained in an IP field. For production purposes, this IP address will normally be carried in a field that you retrieve from a dataset. For manual usage, assign the IP address to a field, and then use that field with this function.

Examples

alter my_ip = "192.168.10.14"
| alter inrange = incidr(my_ip, "192.168.10.0/24")
| fields inrange
| limit 1

Document:Cortex XDR™ XQL Language Reference

incidr

Table of Contents

incidr

Synopsis

Description

Examples

Recommended For You

Recommended Videos