Skip to main content
Question

Subnet/Vlan correlation wit Ip address

  • May 19, 2026
  • 1 reply
  • 23 views
Mahesh1313
Forum|alt.badge.img+1

Hello Team,

I hope you’re doing well.

We are planning to integrate IPAM data with Google SecOps by ingesting it as Entity Data into the Entity Context Graph (ECG) instead of traditional point-in-time log events. This approach is intended to enable better correlation of subnet/VLAN and IP data, helping us analyze traffic more effectively at the subnet level rather than individual IPs.

Please let us know if this approach aligns with best practices.

1 reply

hliu
Forum|alt.badge.img+2
  • hliuBronze 1
  • Bronze 1
  • May 19, 2026

It’d be fantastic if IP ranges could be ingested as entities for IP enrichment.

A possible workaround could be a left outer join of events - datatables containing the ranges.

there are few examples here, only for searches.

The join operator is not available for rules at the moment.
 

 

Terms & ConditionsAccessibility statement
Privacy Policy Terms of Service Gen AI Policy Community Guidelines Cookie Settings

© 2025 Google. All rights reserved.