Hi,
I have created the data tables. One field is IP ranges, which is values and its data type is string, and another field is its respective sitename.
Query:
case.alerts.entities.type = "ADDRESS"
$ip = case.alerts.entities.identifier
$ip in %Test.Value
Match:
case.priority
outcome:
$Count = count(case.name)
How do I fetch the sitename along with its matching IP in the data tables in a SecOps dashboard query?
Note: When I check the logs, the sitename is found in the UDM field deviceGroupName and also in deviceGroupDescription.
Thank you!