Page Comparison

To create data filters for your source data, do the  do the following:1. Log

1. Log in to the Cloud Services Portal.

...

1. Click Manage

...

1. > Data Connector.

...

1. Select the ETL Configuration

...

1. tab,

...

1.  and click Create.

...

1. From the Create

...

1. drop-down list,

...

1. select one of the following filtering criteria for the ETL configuration: Regex,

...

1. IP/Network, FQDN, NIOS HOST, IP/Network, FQDN DNS Record Type, OPHID, and ON-PREM HOST.

...

1. For the criterion you selected,

...

1. specify the following information in the Create ETL

...

1. Filter wizard,

...

1.  and then click Save & Close:
   • Name:

...

1. • Enter a name that best describes the filtering function of the ETL configuration.
   • Description:

...

1. • Enter a description for the ETL configuration.

...

1. • The field’s length is 256 characters.
   • State: Use the slider to enable or disable the ETL configuration.

...

1. •  The ETL configuration is in effect

...

1. • only after you enable it;

...

1. • if you disable it, the ETL

...

1. • filter will not be in effect even if you have applied the ETL configuration to a traffic flow configuration.

6. Expand the Regex, IP/Network, FQDN, NIOS HOST, IP/Network, FQDN DNS Record Type, OPHID, or ON-PREM HOST section, and  and click Add to add the  to add the applicable parameters:

• Regex:
The regex filter
• The regex filter applies to DNS query/response events and RPZ events. You can specify any regular expressions for the member name. You
can also specify the name of the Grid
• can also specify the name of the Grid member that processed the query. 

• The regex filter for the RPZ flow works with IP addresses, not with hostnames. For all other workflows, the filter works with hostnames.

• IP/Network: This filter  This filter applies to DNS query/response events, IP metadata, and RPZ events.If  If the event is a query, specify  specify the query source’s IP query source’s IP address; if the if the event is a response, specify the  specify the destination’s IP address. Specify the Specify the client_ip filter in the following format:

...

• FQDN: The FQDN filter applies to DNS query/response events and RPZ events. A query filter is a combination of valid FQDNs and valid FQDNs and wildcards. Note the following about wildcards:
• You can specify a wildcard either on the left or right side of the FQDNthe FQDN.
• A rule can have zerohave zero, one, or two wildcardsor two wildcards.
• If a rule has two wildcardshas two wildcards, they have to be on the opposite ends of the FQDN.
• With the exception of the “?” wildcard” wildcard, a wildcard on wildcard on the left side of side of the FQDN must FQDN must be followed by a dot.
• With the exception of the “?” wildcard, a wildcard a wildcard on the right side of side of the FQDN must FQDN must be preceded by a dot.

The following wildcards are supported:

• DNS Record Type: This filter can be applied on DNS query/response events and RPZ events. These records provide important details about domains and hostnames. The following are some of the DNS Record Type filters:
  • A Record
  • AAAA Record
  • CAA Record
  • CNAME Record
  • MX Record
  • NAPTR Record
  • NS Record
  • PTR Record
  • SRV Record
  • TXT Record
• OPHID: This is a unique identifier for of the on-prem host. The user can use this value or provide a custom-defined OPHID. The following are some of the OPHID filters:
  • e7d97bd6548y8bbasd766e3f8f3789jrob6
  • 4c168ec9ca885fa5d9ccca0d8dfe793f
  • cdc-filter-test
• ON-PREM HOST:  This This is a display name of the on-prem host. The following are some of the ON-PREM HOST filters:
  • iccrvr01.indu.test-example.com
  • ZTP_atlasautomation_8722411532980096350
  • APIKEY1
  • Inblox Test OnPrem

For the complete list of supported filters, see Data Connector ETL Data Filter Types.

For more information on ETL configurations, see the following:

• Configuring ETL Filters
• Viewing ETL Configurations
• Removing ETL Configurations