Skip to content

how to filter ip addresses indicator ONLY? #628

Answered by jshcodes
NSH531 asked this question in Q&A
how to filter ip addresses indicator ONLY? #628
@NSH531 NSH531
Apr 28, 2022 · 1 comment
Answered by jshcodes Return to top
Discussion options

NSH531
Apr 28, 2022

You must be logged in to vote
Answered by jshcodes Apr 28, 2022

Hi @NSH531 -

You should be able to use the filter keyword to limit your results to just IP addresses. (A complete list of available filters can be found here: https://falconpy.io/Service-Collections/Intel.html#queryintelindicatorentities)

result = intel.query_indicator_entities(filter="type:'ip_address'")

# OR

result = intel.query_indicator_entities(filter="type:'ip_address_block'")

Uber class would do the same thing with slightly different syntax:

result = falcon.command("QueryIntelIndicatorEntities", filter="type:'ip_address'")
View full answer

Replies: 1 comment

Comment options

jshcodes
Apr 28, 2022
Maintainer

You must be logged in to vote
0 replies
Answer selected by jshcodes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
intel Threat Intel issues and questions
2 participants
@NSH531 @jshcodes