Hello,
I am trying to create an alert to trigger when certain flows were present in the last hour at certain sites on my network. However, when I try to build a SWQL query to check for certain flows, I get the error "Not a valid IP Address" for the SourceIP field. The field is labeled as a string in SWQL Studio. Why is it throwing this error? PS: I am using NTA 4.1.1.
PS: Thanks for the help!
SELECT TOP 10 F.NodeID, SUM(F.TotalBytes) AS TotalBytes, NC.City, A.Name, F.SourceIP
FROM Orion.NetFlow.Flows AS F
LEFT JOIN Orion.Nodes N ON F.NodeID = N.NodeID
LEFT JOIN Orion.NodesCustomProperties NC ON N.NodeID = NC.NodeID
LEFT JOIN Orion.NetFlow.Applications A ON A.ApplicationID = F.ApplicationID
WHERE (F.TimeStamp>=(GetUTCDate()-0.04167)) AND F.SourceIP LIKE '%192.168.%'
GROUP BY F.SourceIP, F.NodeID, A.Name, NC.City
ORDER BY TotalBytes DESC