Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a CIDR column?
Example file
environment, cidr
foo, 123.123.123/24
bar, 321.321.321/24
So I can match a source IP or a destination IP against the CIDR to get the "environment" name? Creating two fields like source_environment and destination_environment
Lookups are defined in transforms.conf. This is an example of the configuration that you need.
transforms.conf
[mylookup]
filename = ../lookups/thefilename.csv
max_matches = 1
min_matches = 1
default_match = Unknown
match_type = CIDR
And the search could be
yoursearchhere
| lookup mylookup dest_IP as cidr OUTPUT environment as destination_environment
| lookup mylookup source_IP as cidr OUTPUT environment as source_environment
HTH!
Lookups are defined in transforms.conf. This is an example of the configuration that you need.
transforms.conf
[mylookup]
filename = ../lookups/thefilename.csv
max_matches = 1
min_matches = 1
default_match = Unknown
match_type = CIDR
And the search could be
yoursearchhere
| lookup mylookup dest_IP as cidr OUTPUT environment as destination_environment
| lookup mylookup source_IP as cidr OUTPUT environment as source_environment
HTH!