Elasticsearch supports the ip_range type.
One way to reduce a lot of traffic from investigation or focus on a specific network is by the use of allow or deny lists.
Currently I am only able to enrich IPs individually, as the enrich index converts them into a keyword.
As a subnet size increases, it is not effective to expand it and do an enrichment on a 1:1 basis.
Kindly consider supporting ip_range, as it will be helpful to reduce the size of an allow or deny list index and help quicker processing for a lot of security-based use cases.
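To illustrate the cost the request above describes, here is an added example (not from the issue or from Elasticsearch) that contrasts the current workaround of expanding each CIDR into one keyword document per address with a range-based list that needs one entry per CIDR. The sample list, its labels, and the helper names are constructed for this example.

```python
"""Added example: keyword-per-IP expansion versus range matching for an allow/deny list."""
import ipaddress
from typing import Dict, Iterable, List, Optional

# Constructed sample allow/deny list, one entry per CIDR (documentation ranges only).
SAMPLE_LIST: Dict[str, str] = {
    "192.0.2.0/24": "deny",
    "198.51.100.0/25": "allow",
    "2001:db8::/32": "deny",
}


def expand_to_keywords(cidr: str) -> List[str]:
    """Documents needed when the enrich index stores each IP as a keyword (1:1).
    Only call this on small networks; a /32 IPv6 range would never finish."""
    return [str(addr) for addr in ipaddress.ip_network(cidr, strict=False)]


def keyword_doc_count(cidrs: Iterable[str]) -> int:
    """Total documents for the 1:1 approach, computed without materialising the ranges."""
    return sum(ipaddress.ip_network(c, strict=False).num_addresses for c in cidrs)


def range_lookup(ip: str, ranges: Dict[str, str]) -> Optional[str]:
    """Range match: one document per CIDR, which is what an ip_range enrich field
    would allow. Returns the label of the most specific containing range, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, label in ranges.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr.version != net.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, label)
    return best[1] if best else None


if __name__ == "__main__":
    print("keyword docs needed:", keyword_doc_count(SAMPLE_LIST))  # 256 + 128 + 2**96
    print("range docs needed:", len(SAMPLE_LIST))                  # 3
    for probe in ("192.0.2.77", "198.51.100.200", "2001:db8:1::1"):
        print(probe, "->", range_lookup(probe, SAMPLE_LIST))
```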