Unable to configure an IP range in EPL when building an RSA Security Analytics ESA rule
Issue
Unable to configure an IP range in EPL when building an RSA Security Analytics ESA rule.
Cause
This issue occurs because IP fields use the string data type and cannot support range functions at this time.
Resolution
At this time, RegEx is required to do IP comparisons. Future versions of ESA will have IP fields use the INET data type; however, there is no roadmap yet for which version that will be. Once that is implemented, IP ranges can be used in EPL.
Notes
This issue is being tracked in the JIRA ticket SACE-1325.
Internal Comments
UserName: shurtj 8/13/2014 4:35:53 PM - Technically Reviewed
Technically reviewed the article and changed its status to Copy Edited. Made changes to abide by Primus best practices and removed RSA NetWitness from the partitions. Added link to JIRA ticket.
Product Details
RSA Security Analytics
RSA Security Analytics Event Stream Analysis
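Because the Resolution requires a RegEx for IP comparisons, the following added example (not part of the original article or of RSA's product) generates an anchored pattern that matches exactly the addresses in an IPv4 CIDR block. It assumes IP values are stored as dotted-quad strings without leading zeros; the function names and the sample range are hypothetical.

```python
import ipaddress

def _cls(x, y):
    """Character class for one digit position."""
    return str(x) if x == y else f"[{x}-{y}]"

def _same_len(a, b):
    """Patterns matching every decimal string from a to b (equal lengths, a <= b)."""
    if a == b:
        return [a]
    if len(a) == 1:
        return [_cls(int(a), int(b))]
    if a[0] == b[0]:
        return [a[0] + p for p in _same_len(a[1:], b[1:])]
    n = len(a) - 1
    lo_d, hi_d = int(a[0]), int(b[0])
    head, tail = [], []
    if a[1:] != "0" * n:   # partial block at the low end
        head = [a[0] + p for p in _same_len(a[1:], "9" * n)]
        lo_d += 1
    if b[1:] != "9" * n:   # partial block at the high end
        tail = [b[0] + p for p in _same_len("0" * n, b[1:])]
        hi_d -= 1
    mid = [_cls(lo_d, hi_d) + "[0-9]" * n] if lo_d <= hi_d else []
    return head + mid + tail

def octet_regex(lo, hi):
    """Regex group matching the decimal octets lo..hi with no leading zeros."""
    parts = []
    for a, b in ((0, 9), (10, 99), (100, 255)):   # split by digit count
        s, e = max(lo, a), min(hi, b)
        if s <= e:
            parts += _same_len(str(s), str(e))
    return "(?:" + "|".join(parts) + ")"

def cidr_to_regex(cidr):
    """Anchored regex matching exactly the dotted-quad strings inside an IPv4 CIDR block."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    first, last = net.network_address.packed, net.broadcast_address.packed
    # A CIDR block is aligned, so each octet has an independent lo..hi range.
    return "^" + r"\.".join(octet_regex(f, l) for f, l in zip(first, last)) + "$"

if __name__ == "__main__":
    print(cidr_to_regex("192.168.4.0/22"))  # constructed sample range
```

Ranges that are not CIDR-aligned need to be split into CIDR blocks first, with one pattern generated per block.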
INTERNAL ONLY!!!