incidr

Cortex XDR XQL incidr() function accepts an IP address, and an IP range in CIDR format, and returns true if the address is in range.

Synopsis

incidr(<IP_address>, <CIDR_range>)

Description

The incidr() function accepts an IP address, and an IP range using CIDR notation, and returns true if the address is in range.
The first parameter must contain an IP address (NOT a string). For production purposes, this IP address will normally be carried in a field that you retrieve from a dataset. For manual usage, assign the IP address to a field, and then use that field with this function.

Examples

alter my_ip = "192.168.10.14" | alter inrange = incidr(my_ip, "192.168.10.0/24") | fields inrange | limit 1
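
The same check applied to a field retrieved from a dataset, as the Description suggests for production use. This is an added example, not part of the original documentation; it assumes the xdr_data dataset and its event_type, action_remote_ip and agent_hostname fields are available in your tenant. It keeps only network events whose remote address falls outside the RFC 1918 private ranges and counts them per host.

```xql
// Added example: dataset and field names are assumptions about the tenant schema.
dataset = xdr_data
| filter event_type = ENUM.NETWORK and action_remote_ip != null
// Flag remote addresses that sit inside any RFC 1918 private range.
| alter is_private = if(
      incidr(action_remote_ip, "10.0.0.0/8")
      or incidr(action_remote_ip, "172.16.0.0/12")
      or incidr(action_remote_ip, "192.168.0.0/16"),
    true, false)
// Keep only connections to addresses outside those ranges.
| filter is_private = false
// Count connections per host and remote address, busiest first.
| comp count(action_remote_ip) as connections by agent_hostname, action_remote_ip
| sort desc connections
| limit 50
```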
