ML Destination IP Filte

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

Reply
Highlighted
L0 Member

ML Destination IP Filte

Hi,

 

Wondering if there's a way to filter the results from ML to only show results for destination IP's in the 10.0.0.0/8 range? I'm building out a greenfield rulebase, would prefer to ignore any suggested rules for external networks at this stage.

 

I tried the below but doesn't seem to work.

 

ikunduraci_0-1602478897139.png

Cheers

Highlighted
L2 Linker

In your project, in the M.Learning tab, you can set your enabled networks to only include internal stuff that you want to make rules for. Once you have analyzed the enabled networks, doing m.learning on any policies should only reflect that new ip space.

Highlighted
L2 Linker

Replied too fast just now!

 

I typically go slowly when building filters and sorting the machine learning results in greenfield. Personally I like to add application column, group by dst-address or src-address, then sort on that field. Can use default view that groups by app to show some higher-risk apps like rdp or ssh and start breaking rules out like that, but I usually end up grouping by IP since customer has inventory that they are working from and we go down that list to make sure we cover everything. My case is assuming 5000+ hosts in the environment, so the recommendations get noisy.

 

Once you're grouping by IP, can easily add filter there. FWIW, the filters aren't amazing (10.10.10.10 will match 10.10.10.100 too), but they help a ton if you can layer the filters on results.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!