Re: Threat triage rules using stellar geo enrichment

2017-08-08 Thread Simon Elliston Ball
pache.org>" > <user@metron.apache.org <mailto:user@metron.apache.org>> > Subject: Re: Threat triage rules using stellar geo enrichment > > I think you want: > GEO_GET( ip_dst_addr, ['country']) != 'US' > > > On Tue, Aug 8, 2017 at 7:29 AM, Anand Subram

Re: Threat triage rules using stellar geo enrichment

2017-08-08 Thread Anand Subramanian
day, August 8, 2017 at 7:12 PM To: "user@metron.apache.org<mailto:user@metron.apache.org>" <user@metron.apache.org<mailto:user@metron.apache.org>> Subject: Re: Threat triage rules using stellar geo enrichment I think you want: GEO_GET( ip_dst_addr, ['country']) !=