3 Replies Latest reply on Jan 7, 2015 9:40 PM by humejo

    Group containing a network for rule filter?

    ttl

         We have an external vulnerability scan service that runs periodically. When it does, I get thousands of e-mails from LEM about it. The service runs from a /20 network address block, so putting individual IP addresses into the filter to disregard isn't feasible. Is there a way to put this address block into a Group so that I can include it in the rule so I don't get spammed every week? Thanks.

        • Re: Group containing a network for rule filter?
          nicole pauls

          We don't have any group type or field that's very subnet-aware (unfortunately) but you could build a User-Defined Group that contained each IP in the subnet and have the filter/rules use that as an exclude.

          • Re: Group containing a network for rule filter?
            humejo

            Very old thread, I know, but since I'm dealing with something similar I figured I'd add this just in case anyone else came across this when searching like I have. Wildcards are probably a much better way than entering/importing a bunch of IP addresses into a group. Just make a user-defined group, then put in objects that represent all the subnets you need to group together. So here are three different examples: 192.168.2.*, 10.0.*, or 172.16.3.* Just make sure you put the wildcard after a period so that you don't get unexpected results. Filtering a subnet like this 192.168.2* is not the same as 192.168.2.*, since the first one would catch 192.168.2.x or 192.168.2x.x or 192.168.2xx.x. Pretty obvious to some people I'm sure, but it is an easy mistake to make when adding several subnets to a group.
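
The wildcard approach from the last reply, applied to a /20 like the one in the question, as an added example that is not part of the original thread or of the product: a /20 does not end on an octet boundary, so it needs sixteen period-terminated entries, and the same script shows what the entry without the period also catches. Assumptions: `*` stands for any run of characters as the reply describes, Python's `fnmatch` is only a stand-in for the product's matching, and `10.20.16.0/20` and the probe addresses are constructed samples.

```python
import ipaddress
from fnmatch import fnmatchcase


def wildcard_entries(cidr):
    """Group entries that cover exactly `cidr`, each wildcard placed after a period."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("IPv4 only")
    if net.prefixlen > 24:
        # Smaller than one octet: no wildcard fits exactly, so list the addresses.
        return [str(ip) for ip in net]
    # Round the prefix up to the next octet boundary (/8, /16 or /24).
    boundary = max(8, -(-net.prefixlen // 8) * 8)
    octets = boundary // 8
    entries = []
    for sub in net.subnets(new_prefix=boundary):
        kept = str(sub.network_address).split(".")[:octets]
        entries.append(".".join(kept) + ".*")
    return entries


def matches(entries, ip):
    """Assumed matching model: '*' stands for any run of characters."""
    return any(fnmatchcase(ip, entry) for entry in entries)


def overmatched(entries, cidr, probes):
    """Probe addresses the entries match although they lie outside `cidr`."""
    net = ipaddress.ip_network(cidr)
    return [p for p in probes
            if matches(entries, p) and ipaddress.ip_address(p) not in net]


if __name__ == "__main__":
    scanner_block = "10.20.16.0/20"          # constructed sample block
    entries = wildcard_entries(scanner_block)
    print(len(entries), "entries:", entries[0], "...", entries[-1])

    probes = ["192.168.2.9", "192.168.25.7", "192.168.200.9"]  # constructed
    print(overmatched(["192.168.2*"], "192.168.2.0/24", probes))
    print(overmatched(["192.168.2.*"], "192.168.2.0/24", probes))
```

Running `overmatched` against a handful of neighbouring addresses before importing a group is a quick way to confirm that an exclude list does not also silence alerts for hosts outside the intended block.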