Idea ID: 2790033

New correlation rule operator: Not match subnet

Status : Delivered
over 4 years ago
Hi,
Currently in Sentinel it is quite impossible to create whitelist correlation rules with TargetIP. We have a use case that requires if TargetIP does not match certain whitelisted subnet then send alert. In correlation rules only operand available is "match subnet" which works only with blacklisted subnets.

So a new operator is required.