...
You can use the Lookup (lu) operation to enrich your data with the following lookup:
Lookup name: officesinternet_providers
Lookup fields: cidr (key), network_name
...
| Code Block |
|---|
from siem.logtrust.web.activity
select ip4(srcHost) as IP4
select lu("officesinternet_providers", "network_name", IP4) as network_name |
...