Hi
i'm in the same situation.
i dont understand why i cannot get the IPs from the name "AzureCloud.westeurope".
my filters:
NAME
CONDITIONS
ACTIONS
accept withdraws
__method == 'withdraw'
accept
AzureActiveDirectory
share_level == 'green'
type == 'IPv4'
azure_name == 'AzureActiveDirectory'
accept
AzureAdvancedThreatProtection
share_level == 'green'
type == 'IPv4'
azure_name == 'AzureAdvancedThreatProtection'
accept
AppService
share_level == 'green'
type == 'IPv4'
azure_name == 'AppService'
accept
AppServiceManagement
share_level == 'green'
type == 'IPv4'
azure_name_list == 'AppServiceManagement'
accept
AppService.NorthEurope
share_level == 'green'
type == 'IPv4'
azure_name == 'AppService.NorthEurope'
accept
AzureCloud.northeurope
share_level == 'green'
type == 'IPv4'
azure_name == 'AzureCloud.northeurope'
accept
AppService.WestEurope
share_level == 'green'
type == 'IPv4'
azure_name == 'AppService.WestEurope'
accept
AzureCloud.westeurope
share_level == 'green'
type == 'IPv4'
azure_name == 'azurecloud.westeurope'
accept
drop all
drop
logs shows TRACE/DROP for a range:
{ "confidence": 100, "azure_system_service_list": [ "" ], "azure_platform_list": [ "azure" ], "azure_region": "", "share_level": "green", "azure_id": "AzureCloud", "sources": [ "Azure-worldwide-miner-2" ], "azure_name": "AzureCloud", "azure_name_list": [ "azurecloud.westeurope", "azurecloud" ], "azure_id_list": [ "azurecloud.westeurope", "azurecloud" ], "azure_region_list": [ "", "westeurope" ], "azure_system_service": "", "first_seen": 1582736638722, "azure_platform": "Azure", "type": "IPv4", "last_seen": 1582736638722 }
pls advice.
... View more