incidr - Reference Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR XQL Language Reference
Product
Cortex XDR
Creation date
2024-02-26
Last date published
2024-04-16
Category
Reference Guide
Abstract

Learn more about the Cortex Query Language incidr() function.

Syntax

incidr(<IPv4_address>, <CIDR_range>)

Description

The incidr() function accepts an IPv4 address, and an IPv4 range using CIDR notation, and returns true if the address is in range.

Note

The first parameter must contain an IPv4 address contained in an IPv4 field. For production purposes, this IPv4 address will normally be carried in a field that you retrieve from a dataset. For manual usage, assign the IPv4 address to a field, and then use that field with this function.

Examples

alter my_ip = "192.168.10.14"
| alter inrange = incidr(my_ip, "192.168.10.0/24")
| fields inrange
| limit 1