Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Has anyone been able to make a label that will only have hosts from a specific vlan?

Would it be possible to detect via IP address in `interface_addresses`?

It should be.  I am just not sure how to build the query to focus on a /24.

I'm not great at CIDR, but seems like a /24 could be targeted like `select address from interface_addresses where address like '10.0.0.%';`?

Seems like osquery could use some sqlite utility functions for CIDR though... it just happens to work well with `LIKE` and /24 ranges because it's anything after the last dot (if I'm understanding correctly).

That is what I was thinking - CIDR functionality would be ideal but that isn’t there.  I’ll play around and test with the like 10.0.0.% and see if that works for me.