{"id":30588,"date":"2020-03-18T16:08:09","date_gmt":"2020-03-18T15:08:09","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?p=30588"},"modified":"2020-04-03T15:24:02","modified_gmt":"2020-04-03T14:24:02","slug":"azure-sentinel-cidr-matching","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/","title":{"rendered":"Azure Sentinel: CIDR matching"},"content":{"rendered":"

KQL has some IPV4 features.\u00a0 A new one last month is IPV4_is_match<\/strong> : https:\/\/docs.microsoft.com\/en-us\/azure\/kusto\/query\/ipv4-is-matchfunction<\/a><\/p>\n

\"IPv4<\/p>\n

Two examples (more here https:\/\/github.com\/CliveW-MSFT\/KQLpublic\/blob\/master\/Queries\/CIDRexamples<\/a> ):<\/h2>\n

1.Using the SigninLogs<\/strong> Table as data.<\/h3>\n
This example takes an IP Address from the log and sees if it is in an allowed range or not.\u00a0 You define whats allowed or not in the CASE statement.<\/div>\n
<\/div>\n
\n
SigninLogs<\/strong><\/div>\n
| where TimeGenerated > ago(24h)<\/strong><\/div>\n
| extend local = case(parse_ipv4(IPAddress) between ( parse_ipv4(“67.0.0.0”).. parse_ipv4(“67.255.255.255″)),”Allowed”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(“74.0.0.0”).. parse_ipv4(“74.255.255.255″)),”Allowed”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(“100.0.0.0”) .. parse_ipv4(“109.255.255.255″) ),”Aloowed”,<\/strong><\/div>\n
\/\/else<\/strong><\/div>\n
“Not Allowed”)<\/strong><\/div>\n
| summarize count(), make_set(IPAddress) by local<\/strong><\/div>\n
| order by local asc<\/strong><\/div>\n<\/div>\n

 <\/p>\n

\u00a0 \u00a0 \u00a0Results:<\/h3>\n
\n\n\n\n\n\n
local<\/th>\ncount_<\/th>\nset_IPAddress<\/th>\n<\/tr>\n
Allowed<\/td>\n133<\/td>\n[“108.4.232.173″,”67.166.178.142″,”109.88.218.99″,”108.54.119.134″,”67.162.100.59”]<\/td>\n<\/tr>\n
Not Allowed<\/td>\n332<\/td>\n[“52.179.171.240″,”77.125.9.89″,”84.109.188.120″,”192.176.203.10″,”80.230.49.35″,”37.142.175.61″,”185.27.105.142″,”213.57.167.77″,”79.176.91.243″,”51.143.4.240″,”77.139.246.1″,”73.225.151.175″,”50.35.73.176″,”40.121.91.41″,”89.151.37.15″,”143.159.241.199″,”47.185.20.237″,”173.169.57.117″,”136.55.145.135″,”173.68.101.186″,”52.191.195.160″,”167.220.2.190″,”98.232.109.219″,”166.67.66.245″,”77.138.103.125″,”184.170.166.31″,”83.130.91.77″,”137.135.26.148″,”66.108.20.213″,”90.222.83.39″,”93.173.27.72”]<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

 <\/p>\n

2. Using IPV4_is_match<\/h3>\n

The example in the help is this:<\/p>\n

\n
datatable(ip1_string:string, ip2_string:string)<\/strong><\/div>\n
[<\/strong><\/div>\n
‘1.168.1.0’,’192.168.1.0′,<\/strong><\/div>\n
‘192.168.1.1\/24′,’192.168.1.255’,<\/strong><\/div>\n
‘192.168.1.1’,’192.168.1.10\/24′,<\/strong><\/div>\n
‘239.168.1.1\/30′,’192.168.1.255\/24’,<\/strong><\/div>\n
]<\/strong><\/div>\n
| extend CIDRresult= ipv4_is_match(ip1_string, ip2_string) \/\/ In CIDR range?<\/strong><\/div>\n<\/div>\n

 <\/p>\n

 <\/p>\n

\n\n\n\n\n\n\n\n
ip1_string<\/th>\nip2_string<\/th>\nresult<\/th>\n<\/tr>\n
192.168.1.0<\/td>\n192.168.1.0<\/td>\ntrue<\/td>\n<\/tr>\n
192.168.1.1\/24<\/td>\n192.168.1.255<\/td>\ntrue<\/td>\n<\/tr>\n
192.168.1.1<\/td>\n192.168.1.255\/29<\/td>\nfalse<\/td>\n<\/tr>\n
192.168.1.1\/30<\/td>\n192.168.1.255\/24<\/td>\ntrue<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

 <\/p>\n

We can add HostCount and IP Class information<\/p>\n

\n
datatable(ip1_string:string, ip2_string:string)<\/strong><\/div>\n
[<\/strong><\/div>\n
‘1.168.1.0’,’192.168.1.0′,<\/strong><\/div>\n
‘192.168.1.1\/24′,’192.168.1.255’,<\/strong><\/div>\n
‘192.168.1.1’,’192.168.1.10\/24′,<\/strong><\/div>\n
‘239.168.1.1\/30′,’192.168.1.255\/24’,<\/strong><\/div>\n
]<\/strong><\/div>\n
| extend CIDRresult= ipv4_is_match(ip1_string, ip2_string) \/\/ In CIDR range?<\/strong><\/div>\n
| extend hostcount = pow(2,(32 – split(ip1_string,”\/”).[1])) \/\/ How many hosts supported?<\/strong><\/div>\n
| extend IPAddress = tostring(split(ip1_string,”\/”).[0]) \/\/ Get just IP part of CIDR<\/strong><\/div>\n
| extend ipClass = case(parse_ipv4(IPAddress) between ( parse_ipv4(‘1.0.0.0’).. parse_ipv4(‘126.0.0.0’)),”A”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(‘128.0.0.0’).. parse_ipv4(‘191.255.0.0’)),”B”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(‘192.0.0.0’).. parse_ipv4(‘223.255.255.0’) ),”C”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(‘224.0.0.0’).. parse_ipv4(‘239.255.255.255’) ),”D”,<\/strong><\/div>\n
parse_ipv4(IPAddress) between ( parse_ipv4(‘240.0.0.0’).. parse_ipv4(‘255.255.255.254’) ),”E”,<\/strong><\/div>\n
\/\/else<\/strong><\/div>\n
strcat(“Unknown class”, parse_ipv4(IPAddress))<\/strong><\/div>\n
)<\/strong><\/div>\n
<\/div>\n<\/div>\n
\n
\n\n\n\n\n\n\n\n
ip1_string<\/th>\nip2_string<\/th>\nCIDRresult<\/th>\nhostcount<\/th>\nIPAddress<\/th>\nipClass<\/th>\n<\/tr>\n
1.168.1.0<\/td>\n192.168.1.0<\/td>\nfalse<\/td>\nnull<\/td>\n1.168.1.0<\/td>\nA<\/td>\n<\/tr>\n
192.168.1.1\/24<\/td>\n192.168.1.255<\/td>\ntrue<\/td>\n256<\/td>\n192.168.1.1<\/td>\nC<\/td>\n<\/tr>\n
192.168.1.1<\/td>\n192.168.1.10\/24<\/td>\ntrue<\/td>\nnull<\/td>\n192.168.1.1<\/td>\nC<\/td>\n<\/tr>\n
239.168.1.1\/30<\/td>\n192.168.1.255\/24<\/td>\nfalse<\/td>\n4<\/td>\n239.168.1.1<\/td>\nD<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<\/div>\n
<\/div>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

KQL has some IPV4 features.\u00a0 A new one last month is IPV4_is_match : https:\/\/docs.microsoft.com\/en-us\/azure\/kusto\/query\/ipv4-is-matchfunction Two examples (more here https:\/\/github.com\/CliveW-MSFT\/KQLpublic\/blob\/master\/Queries\/CIDRexamples ): 1.Using the SigninLogs Table as data. This example takes an IP Address from the log and sees if it is in an allowed range or not.\u00a0 You define whats allowed or not in the CASE<\/p>\n","protected":false},"author":424,"featured_media":17607,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"categories":[1],"post_tag":[882,424,1296],"content-type":[],"coauthors":[],"class_list":["post-30588","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cross-industry","tag-azure-sentinel","tag-hybridcloud","tag-kql"],"yoast_head":"\nAzure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"og:description\" content=\"KQL has some IPV4 features.\u00a0 A new one last month is IPV4_is_match : https:\/\/docs.microsoft.com\/en-us\/azure\/kusto\/query\/ipv4-is-matchfunction Two examples (more here https:\/\/github.com\/CliveW-MSFT\/KQLpublic\/blob\/master\/Queries\/CIDRexamples ): 1.Using the SigninLogs Table as data. This example takes an IP Address from the log and sees if it is in an allowed range or not.\u00a0 You define whats allowed or not in the CASE\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Industry Blogs - United Kingdom\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-18T15:08:09+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-03T14:24:02+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\"},\"author\":{\"name\":\"\",\"@id\":\"\"},\"headline\":\"Azure Sentinel: CIDR matching\",\"datePublished\":\"2020-03-18T15:08:09+00:00\",\"dateModified\":\"2020-04-03T14:24:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\"},\"wordCount\":303,\"commentCount\":2,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg\",\"keywords\":[\"Azure Sentinel\",\"Hybrid Cloud\",\"KQL\"],\"articleSection\":[\"Cross-industry\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\",\"name\":\"Azure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg\",\"datePublished\":\"2020-03-18T15:08:09+00:00\",\"dateModified\":\"2020-04-03T14:24:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg\",\"width\":800,\"height\":450,\"caption\":\"Hybrid Cloud logo\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure Sentinel: CIDR matching\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization\",\"name\":\"Microsoft Industry Blogs - United Kingdom\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png\",\"width\":259,\"height\":194,\"caption\":\"Microsoft Industry Blogs - United Kingdom\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/","og_locale":"en_US","og_type":"article","og_title":"Azure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom","og_description":"KQL has some IPV4 features.\u00a0 A new one last month is IPV4_is_match : https:\/\/docs.microsoft.com\/en-us\/azure\/kusto\/query\/ipv4-is-matchfunction Two examples (more here https:\/\/github.com\/CliveW-MSFT\/KQLpublic\/blob\/master\/Queries\/CIDRexamples ): 1.Using the SigninLogs Table as data. This example takes an IP Address from the log and sees if it is in an allowed range or not.\u00a0 You define whats allowed or not in the CASE","og_url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/","og_site_name":"Microsoft Industry Blogs - United Kingdom","article_published_time":"2020-03-18T15:08:09+00:00","article_modified_time":"2020-04-03T14:24:02+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Written by":"","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/"},"author":{"name":"","@id":""},"headline":"Azure Sentinel: CIDR matching","datePublished":"2020-03-18T15:08:09+00:00","dateModified":"2020-04-03T14:24:02+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/"},"wordCount":303,"commentCount":2,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg","keywords":["Azure Sentinel","Hybrid Cloud","KQL"],"articleSection":["Cross-industry"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/","name":"Azure Sentinel: CIDR matching - Microsoft Industry Blogs - United Kingdom","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg","datePublished":"2020-03-18T15:08:09+00:00","dateModified":"2020-04-03T14:24:02+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2017\/07\/UK-Hybrid-Cloud-Team-Blue.jpg","width":800,"height":450,"caption":"Hybrid Cloud logo"},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2020\/03\/18\/azure-sentinel-cidr-matching\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/"},{"@type":"ListItem","position":2,"name":"Azure Sentinel: CIDR matching"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/","name":"Microsoft Industry Blogs - United Kingdom","description":"","publisher":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#organization","name":"Microsoft Industry Blogs - United Kingdom","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","contentUrl":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-content\/uploads\/sites\/22\/2019\/08\/Microsoft-Logo.png","width":259,"height":194,"caption":"Microsoft Industry Blogs - United Kingdom"},"image":{"@id":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/30588"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/users\/424"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/comments?post=30588"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/posts\/30588\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media\/17607"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/media?parent=30588"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/categories?post=30588"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/post_tag?post=30588"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/content-type?post=30588"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/wp-json\/wp\/v2\/coauthors?post=30588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}