Hello All,
I want to check in the playbook condition whether the specified IP is in private IP ranges or not.
The method which I tried is not working as expected.
Page 1 / 1
I would add these ranges to the internal networks within the SOAR settings -https://cloud.google.com/chronicle/docs/soar/admin-tasks/configuration/manage-networks. After doing that, they should be classified as internal entities.
I would add these ranges to the internal networks within the SOAR settings -https://cloud.google.com/chronicle/docs/soar/admin-tasks/configuration/manage-networks. After doing that, they should be classified as internal entities.
Hi @cmorris ,
I'm aware of this but my requirement is to check whether the alert triggered from the IP is Private range IP or not via playbook action. we have AbuseIPDB action in which the results will be there like ispublic:True/False, but i need any other action to verify the IP is private or not.
Hi @sudeep_singh,
How about creating a reference list with all of the IPs that are Private IPS. Within your Playbook action, using the 'is Value in Refrence List' action to perform the check.
Kind Regards,
Ayman
Hi @sudeep_singh,
How about creating a reference list with all of the IPs that are Private IPS. Within your Playbook action, using the 'is Value in Refrence List' action to perform the check.
Kind Regards,
Ayman
Hi @AymanC
I know aboout it and but not all the time will login from office network, sometimes they may login from unknown network at that time how can i rely on reference list because the IP wont be available in the reference list right.
Reply
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.