What if you did:

Attacker Zone URI IN GROUP Public Address Space Zones

Or you could use the inverse:

NOT

Attacker Zone URI IN GROUP Private Address Space Zones

Nope, this doesn't seem to be working. After applying it, the dashboard is not showing anything

Dear Rahul,

Try this. delete your NOT condition and keep whole in under AND by writing as below screen shot.

Regards

Renjith

Tried this as well..And other possibilities similar to this.. Now working

I have tried the other way round as well. But yes, that can be a reason for the filter to not work because the private IPs coming in the dashboard were not from the subnet 10.0.0.0/8 but were from the other two. Do you think it will work if I give 3 different NOT conditions ??

Yes, it should work if you group the 3, individually negated conditions with an AND, like:

AND

(

NOT Attacker Address InSubnet 10.0.0.0/8

NOT Attacker Address InSubnet 192.168.0.0/16

NOT Attacker Address InSubnet 172.16.0.0/12

)

Regards,

A.

Well, if I edit the filter which is being used in the dashboard and reload the dashboard, will the private IP which was coming in the dashboard disappear automatically??

private IP still showing in dashboard

Well, it depends on what sort of content you have on the given dashboard... if you got a datamonitor put on your dashboard, there might be some data collected/cashed before you changed the filter. If you disable/re-enable the datamonitor it will flush its cache, and it will start to populate the data based on the new filter.

Anyway, I suggest you to validate your new filter with an active channel first, to make sure the filter brings you the events you really want to process.

Regards,

A.

Thanks for the suggestions. Will disable and re-enable the data monitor and will confirm if it is working

Thanks for the above suggestions. They are working perfectly