topic Re: Need stdlib.aggregatorIPv4Generic to provide single IPs instead of IP r in General Topics https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/339673#M95617 <P>Hi, just curious if you found any resolution of that issue ?&nbsp;</P> <P>Get the same issue in Log analytics. All my Ipv4 indicators are in CIDR too in Azure Log Anytic</P> <P>&nbsp;</P> <P>I found a workaround with KQL&nbsp;ipv4_is_match() function&nbsp;but didn't try it.</P> <P><A href="https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/ipv4-is-matchfunction" target="_blank">https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/ipv4-is-matchfunction</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 20 Jul 2020 18:23:38 GMT papham 2020-07-20T18:23:38Z Need stdlib.aggregatorIPv4Generic to provide single IPs instead of IP ranges https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/322120#M95615 <P>Hello all,</P><P>&nbsp;</P><P>I am trying to use Minemeld in a setup with Microsoft Sentinel (Microsoft Graph).&nbsp;</P><P>&nbsp;</P><P>I am encountering an issue with entities of type IP, as they are getting&nbsp; in my log analytics space as IP ranges, mentioned in the "ExternalIndicatorID" along with the word IPv4. I cannot process that and I need single IP alone in another column, like NetworkIP.</P><P>&nbsp;</P><P>Is there any way to change the processor to provide single IPs instead of ranges?</P><P>&nbsp;</P><P>Thank you.</P> Fri, 10 Apr 2020 12:20:26 GMT https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/322120#M95615 GabrielNBJJ 2020-04-10T12:20:26Z Re: Need stdlib.aggregatorIPv4Generic to provide single IPs instead of IP ranges https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/322128#M95616 <P>I found some info about modifying the FEED URL, however I have no such URL in my Microsoft output node.</P><P>&nbsp;</P><P>Any workarounds to that?</P><P>&nbsp;</P><P>Thanks.</P> Fri, 10 Apr 2020 13:10:53 GMT https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/322128#M95616 GabrielNBJJ 2020-04-10T13:10:53Z Re: Need stdlib.aggregatorIPv4Generic to provide single IPs instead of IP r https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/339673#M95617 <P>Hi, just curious if you found any resolution of that issue ?&nbsp;</P> <P>Get the same issue in Log analytics. All my Ipv4 indicators are in CIDR too in Azure Log Anytic</P> <P>&nbsp;</P> <P>I found a workaround with KQL&nbsp;ipv4_is_match() function&nbsp;but didn't try it.</P> <P><A href="https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/ipv4-is-matchfunction" target="_blank">https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/ipv4-is-matchfunction</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Mon, 20 Jul 2020 18:23:38 GMT https://live.paloaltonetworks.com/t5/general-topics/need-stdlib-aggregatoripv4generic-to-provide-single-ips-instead/m-p/339673#M95617 papham 2020-07-20T18:23:38Z