Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
b
benbass
04/07/2022, 5:17 PMHas anyone been able to make a label that will only have hosts from a specific vlan?
z
zwass
04/07/2022, 5:24 PMWould it be possible to detect via IP address in
interface_addressesb
benbass
04/07/2022, 5:25 PMIt should be. I am just not sure how to build the query to focus on a /24.
z
zwass
04/07/2022, 5:30 PMI'm not great at CIDR, but seems like a /24 could be targeted like
select address from interface_addresses where address like '10.0.0.%';Seems like osquery could use some sqlite utility functions for CIDR though... it just happens to work well with
LIKEb
benbass
04/07/2022, 5:32 PMThat is what I was thinking - CIDR functionality would be ideal but that isn’t there. I’ll play around and test with the like 10.0.0.% and see if that works for me.
Thank you!
🍻 2