ipv6_is_in_any_range()

Applies to: ✅ Azure Data ExplorerAzure MonitorMicrosoft Sentinel

Checks whether an IPv6 string address is in any of the specified IPv6 address ranges.

Syntax

ipv6_is_in_any_range(Ipv6Address , Ipv6Range [ , Ipv6Range ...] )

ipv6_is_in_any_range(Ipv6Address , Ipv6Ranges )

Learn more about syntax conventions.

Parameters

Name Type Required Description
Ipv6Address string ✔️ An expression representing an IPv6 address.
Ipv6Range string ✔️ An expression representing an IPv6 range using IP-prefix notation.
Ipv6Ranges dynamic ✔️ An array containing IPv6 ranges using IP-prefix notation.

Note

Either one or more IPv6Range strings or an IPv6Ranges dynamic array is required.

IP-prefix notation

IP-prefix notation (also known as CIDR notation) is a concise way of representing an IP address and its associated network mask. The format is <base IP>/<prefix length>, where the prefix length is the number of leading 1 bits in the netmask. The prefix length determines the range of IP addresses that belong to the network.

For IPv4, the prefix length is a number between 0 and 32. So the notation 192.168.2.0/24 represents the IP address 192.168.2.0 with a netmask of 255.255.255.0. This netmask has 24 leading 1 bits, or a prefix length of 24.

For IPv6, the prefix length is a number between 0 and 128. So the notation fe80::85d:e82c:9446:7994/120 represents the IP address fe80::85d:e82c:9446:7994 with a netmask of ffff:ffff:ffff:ffff:ffff:ffff:ffff:ff00. This netmask has 120 leading 1 bits, or a prefix length of 120.

Returns

  • true: If the IPv6 address is in the range of any of the specified IPv6 networks.
  • false: Otherwise.
  • null: If conversion for one of the two IPv6 strings wasn't successful.

Example

let LocalNetworks=dynamic([
    "a5e:f127:8a9d:146d:e102:b5d3:c755:f6cd/112",
    "0:0:0:0:0:ffff:c0a8:ac/60"
]);
let IPs=datatable(IP:string) [
    "a5e:f127:8a9d:146d:e102:b5d3:c755:abcd",
    "a5e:f127:8a9d:146d:e102:b5d3:c755:abce",
    "a5e:f127:8a9d:146d:e102:b5d3:c755:abcf",
    "a5e:f127:8a9d:146d:e102:b5d3:c756:abd1",
];
IPs
| extend IsLocal=ipv6_is_in_any_range(IP, LocalNetworks)

Output

IP IsLocal
a5e:f127:8a9d:146d:e102:b5d3:c755:abcd True
a5e:f127:8a9d:146d:e102:b5d3:c755:abce True
a5e:f127:8a9d:146d:e102:b5d3:c755:abcf True
a5e:f127:8a9d:146d:e102:b5d3:c756:abd1 False