matchblackip
Filters the input records using the given IP blacklist.
Syntax
matchblackip [invert=BOOL] [verify=BOOL] fields=TARGET_FIELD guid=BLACKLIST_GUID
Required Parameter
guid=BLACKLIST_GUID
- IP blacklist GUID
fields=TARGET_FIELD
- Fields to match values against IP blacklist. Use comma (
,
) without any leading or trailing whitespaces as a separator. invert=BOOL
- Option to invert the result of matching the value specified by the
fields
option against the IP blacklist (default:f
).t
: Returns records that do not contain the value specified by fields in the matching result.f
: Returns records that contain the value specified by fields in the matching result.
verify=BOOL
- Option to activate the validation for the IP blacklist at the query parsing stage (default:
t
).t
: validates the IP blacklist at the query parsing stage.f
: NOT validate the IP blacklist at the query parsing stage. This option prevents the system from issuing syntax errors at the policy synchronization stage.
Description
The output fields are as follows:
Field | Type | Description |
---|---|---|
blackip_guid | String | IP blacklist GUID |
blackip_name | String | IP blacklist name |
blackip_field | String | Black IP discovery field name |
blackip_invert | Boolean | invert option value |