问题描述
我正在尝试基于!hassuffix字符串运算符将Azure哨兵规则中的一堆域列入白名单。
我正在尝试执行以下操作:
public function saveEmp(){
$data = array(
'input_id' => $this->input->post('input_id'),'jenis' => $this->input->post('jenis'),'jarak' => $this->input->post('jarak'),'created_at' => date("Y-m-d h:i:sa"),'updated_at' => date("Y-m-d h:i:sa")
);
$result=$this->db->insert('input_jenis_industri',$data);
return $result;
}
但是由于会有很多列入白名单的域,因此子域希望将根域/子域存储在一个列表中,该列表将存储在blob中,例如:
AzureDiagnostics
| where destinationDomain !hassuffix ".google.com" and destinationDomain !hassuffix ".azure.com"
是否有人知道迭代每个语法并检查destinationDomain!是否对每个动态数组元素都具有后缀的语法?还是拥有and墙的唯一方法?谢谢
解决方法
没有此类功能。您应该改用matches regex
。
这可能不是最有效的方法,但是您可以在白名单上进行交叉产品类型的连接,对每个表单执行!hassuffix检查,然后查看有多少个通过了检查(我想通过了吗?)。对于较小的白名单和表格,它应该可以正常工作,并且更易于修改/维护。
let AzureDiagnostics = datatable(destinationDomain: string)
[
"test.google.com","test.notallowed.com","other.azure.com","alsonotallowed.azure2.com"
];
let Whitelist = datatable(allowedSuffix: string,dummy: long)
[
".google.com",1,".azure.com",];
AzureDiagnostics
| extend dummy=1 // add a dummy column for cross product join
| lookup Whitelist on dummy // do cross product (lookup used assuming Whitelist is small)
| where destinationDomain !hassuffix(allowedSuffix) // perform the suffix check
| summarize count() by destinationDomain // since the list was broken up,get the count of passes
| where count_ == toscalar(Whitelist | count) // if the !hassuffix was true for all (the count) keep the result
| project destinationDomain // get rid of the count column