NOTICE: Significant community changes coming soon
The header menu and the home page on our community will be changing soon. Get more information HERE.

New correlation rule operator: Not match subnet

Idea ID 2790033

New correlation rule operator: Not match subnet

0 Votes
Hi,
Currently in Sentinel it is quite impossible to create whitelist correlation rules with TargetIP. We have a use case that requires if TargetIP does not match certain whitelisted subnet then send alert. In correlation rules only operand available is "match subnet" which works only with blacklisted subnets.

So a new operator is required.
2 Comments
Absent Member.
Absent Member.
After more study: I believe this functionality can be achieved in free form view and using "AND NOT" statement before "match subnet" operator while editing correlation rule.
Micro Focus Expert
Micro Focus Expert
Okay, thanks for checking on this Timo. I am going to close this idea. Let me know if there is any change.
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.