matchblackip

Filters the input records using the given IP blacklist.

Syntax

matchblackip [invert=BOOL] [verify=BOOL] fields=TARGET_FIELD guid=BLACKLIST_GUID
Required Parameter
guid=BLACKLIST_GUID
IP blacklist GUID
fields=TARGET_FIELD
Fields to match values against IP blacklist. Use comma (,) without any leading or trailing whitespaces as a separator.
invert=BOOL
Option to invert the result of matching the value specified by the fields option against the IP blacklist (default: f).
  • t: Returns records that do not contain the value specified by fields in the matching result.
  • f: Returns records that contain the value specified by fields in the matching result.
verify=BOOL
Option to activate the validation for the IP blacklist at the query parsing stage (default: t).
  • t: validates the IP blacklist at the query parsing stage.
  • f: NOT validate the IP blacklist at the query parsing stage. This option prevents the system from issuing syntax errors at the policy synchronization stage.

Description

The output fields are as follows:

FieldTypeDescription
blackip_guidStringIP blacklist GUID
blackip_nameStringIP blacklist name
blackip_fieldStringBlack IP discovery field name
blackip_invertBooleaninvert option value