Filter IP ranges on Azure Sentinel search


Hello everyone,


I'm using the query described here to get alerts on suspicious logins from different countries, but I get lots of false positives from people connecting to our VPNs.

Is there a way to filter using IP ranges instead of specific IPs? I've tried using this



let excludeKnownVPN = dynamic(['', '', '']);



but I don't get the expected outcome (I still get alerts from those IPs).


If someone knows how to filter IP ranges out, I'll greatly appreciate it.


Best regards!
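
An added example, not part of the original thread: a dynamic() list used with `in` / `!in` is compared by exact string match, so a CIDR entry never equals an individual address, whereas `ipv4_is_in_any_range()` performs the range test. The CIDR ranges (documentation address space) and the sign-in rows below are constructed, and the column names assume the SigninLogs schema.

```kusto
// Constructed CIDR ranges standing in for the VPN egress networks (assumption).
let excludeKnownVPN = dynamic(['203.0.113.0/24', '198.51.100.16/28']);
// Constructed sign-in rows; in Sentinel, replace this datatable with SigninLogs.
let SampleSignins = datatable(TimeGenerated:datetime, UserPrincipalName:string, IPAddress:string, Location:string)
[
    datetime(2024-01-10 08:00:00), 'alice@contoso.example', '203.0.113.45',  'US',
    datetime(2024-01-10 08:20:00), 'alice@contoso.example', '192.0.2.77',    'DE',
    datetime(2024-01-10 09:00:00), 'bob@contoso.example',   '198.51.100.20', 'US',
    datetime(2024-01-10 09:05:00), 'bob@contoso.example',   '198.51.100.40', 'FR',
    datetime(2024-01-10 09:30:00), 'carol@contoso.example', '2001:db8::1',   'NL'
];
SampleSignins
// Exact string comparison: no address equals the text '203.0.113.0/24',
// so this flag is false for every row and nothing would be excluded.
| extend ExcludedByExactMatch = IPAddress in (excludeKnownVPN)
// CIDR-aware comparison: true when the address falls inside any listed range.
// The function returns null for values that are not valid IPv4 (IPv6 here);
// coalesce keeps those rows in scope instead of letting the filter drop them.
| extend ExcludedByRange = coalesce(ipv4_is_in_any_range(IPAddress, excludeKnownVPN), false)
| where not(ExcludedByRange)
| project TimeGenerated, UserPrincipalName, IPAddress, Location, ExcludedByExactMatch
```

Without the coalesce, a null result makes the `where` clause discard IPv6 sign-ins silently, which would hide them from the alert rather than exclude only the VPN ranges.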
