mozilla-services / foxsec-pipeline

Log analysis pipeline utilizing Apache Beam
Mozilla Public License 2.0

Look into alerting subnet summarization #44

Open ameihm0912 opened 5 years ago

ameihm0912 commented 5 years ago

Where addresses within alerts can be reasonably correlated to belonging to the same subnet, for example the same /24, add support to alerting output to potentially generate a secondary alert indicating a probable bad subnet.

This would essentially be something like a reduction operation to output a subnet given a set of input elements.
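A sketch of the reduction described in this comment, added here as an illustration and not taken from the foxsec-pipeline code base: it is plain Python rather than a Beam transform. The alert field names, the `subnet_summary` category, the /64 grouping for IPv6 and the threshold of three distinct addresses are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample alerts (documentation address ranges); field names are assumptions.
SAMPLE_ALERTS = [
    {"id": "a1", "sourceaddress": "192.0.2.10"},
    {"id": "a2", "sourceaddress": "192.0.2.77"},
    {"id": "a3", "sourceaddress": "192.0.2.77"},   # repeat of the same host
    {"id": "a4", "sourceaddress": "192.0.2.200"},
    {"id": "a5", "sourceaddress": "198.51.100.5"},
    {"id": "a6", "sourceaddress": "2001:db8::1"},
    {"id": "a7", "sourceaddress": "not-an-address"},
]

def subnet_key(addr, v4_prefix=24, v6_prefix=64):
    """Map an address string to its enclosing network, or None if unparseable."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    prefix = v4_prefix if ip.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def summarize_subnets(alerts, min_distinct=3):
    """Reduce alerts to secondary alerts for subnets with enough distinct addresses."""
    by_subnet = defaultdict(lambda: {"addresses": set(), "alert_ids": []})
    for alert in alerts:
        key = subnet_key(alert.get("sourceaddress", ""))
        if key is None:
            continue  # skip alerts without a usable address
        by_subnet[key]["addresses"].add(alert["sourceaddress"])
        by_subnet[key]["alert_ids"].append(alert["id"])
    secondary = []
    # Sort by string form: IPv4 and IPv6 networks are not mutually comparable.
    for net, group in sorted(by_subnet.items(), key=lambda kv: str(kv[0])):
        if len(group["addresses"]) >= min_distinct:
            secondary.append({
                "category": "subnet_summary",  # hypothetical category name
                "subnet": str(net),
                "distinct_addresses": len(group["addresses"]),
                "source_alerts": group["alert_ids"],
            })
    return secondary

if __name__ == "__main__":
    for summary in summarize_subnets(SAMPLE_ALERTS):
        print(summary)
```

Counting distinct addresses rather than raw alerts keeps one noisy host from marking its whole /24 as bad.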

ameihm0912 commented 5 years ago

cc @Micheletto @ajvb