Hello,
Using Miner "azure-public-cloudIPsWithServiceTags", I'm trying to get all the subnets from the Azure Region "switzerlandn".
I am using a filter I found in this forum :
- actions:
- accept
conditions:
- azure_region == 'switzerlandn'
- share_level == 'green'
name: accept azure IP for region switzerlandn
But it doesn't work... I have only a few prefixes
Looking at the .json file, I found the missing prefixes in 2 sections, the first is my "switzerlandn" section, the other has no label :
"name": "AzureCloud", "id": "AzureCloud", "properties": { "changeNumber": 61, "region": "", "regionId": 0, "platform": "Azure", "systemService": "", "addressPrefixes": [ "13.64.0.0/16", "13.65.0.0/16",
...
Looking at Minemeld's logs, I see the following for a missing prefix (ouput of azure-public-cloudIPsWithServiceTags Miner) :
"_age_out": 4294967295000, "confidence": 100, "azure_system_service_list": [ "" ], "azure_platform_list": [ "azure" ], "azure_region": "", "share_level": "green", "azure_platform": "Azure", "_last_run": 1612367795560, "sources": [ "azure-public-cloudIPsWithServiceTags" ], "azure_name": "AzureCloud", "azure_name_list": [ "azurecloud", "azurecloud.switzerlandn" ], "azure_id_list": [ "azurecloud", "azurecloud.switzerlandn" ], "azure_region_list": [ "", "switzerlandn" ], "azure_system_service": "", "first_seen": 1611921383932, "azure_id": "AzureCloud", "type": "IPv4", "last_seen": 1611921383932 }
Did you see the value of azure_region and the azure_region_list ? This explains why my filter (azure_region == "switzerlandn") doesn't work. The Miner puts in the "azure_region" field the last value it read from the .json file... And in my case the last value is ""...
Now my questions :
- I'm looking for a filter that will test if "switzerlandn" is contained in the azure_region_list. Any idea ?
- Or a way to modify the Miner, to avoid the "concatenation" of the prefixes that appear twice in the .json file.
Any idea ?
Thanks for your help !
Christophe
... View more