Bro Log Analysis - by CIDR

I’m looking at analyzing bro logs, filtering by an arbitrary CIDR.

Before I go write a Python script that will handle this - I was wondering if something already existed.

As an example -

zcat ssl.12:00:00-13:00:00.log.gz | bro-cut server_name id.orig_h | by_CIDR.py 129.21.1.0/23

I was also contemplating modifying bro-cut to handle this.

Thanks,
Ryan

If I do write a Python script to do this - I’m heavily inclined to use Python 3 (for the ipaddress Module).

Not sure if this helps:
https://www.bro.org/sphinx/components/pysubnettree/README.html

Ah - Very nice. Thank you for pointing that out, Paul.
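For reference, here is what the by_CIDR.py filter sketched in the thread can look like with Python 3's ipaddress module. This is an added example, not Ryan's script or a Bro project tool; it assumes bro-cut's default output (tab-separated values, no headers, "-" for unset fields) and that the IP field is the last column listed, as in the example pipeline above.

```python
#!/usr/bin/env python3
"""by_cidr.py: keep bro-cut rows whose IP column falls inside a CIDR.

Added example for this thread, not Ryan's script. Assumes bro-cut's default
output: tab-separated values, no header lines, '-' for unset fields.
Usage: zcat ssl.log.gz | bro-cut server_name id.orig_h | by_cidr.py 129.21.1.0/23
"""
import ipaddress
import sys

# Constructed sample rows, as `bro-cut server_name id.orig_h` would emit them.
SAMPLE_ROWS = [
    "www.example.com\t129.21.1.42",
    "-\t129.21.2.7",
    "mail.example.com\t10.0.0.5",
    "-\t-",
    "v6.example.com\t2001:db8::1",
    "cdn.example.com\t129.21.0.200",
]

def parse_network(cidr):
    # strict=False tolerates host bits in the prefix, e.g. 129.21.1.0/23
    return ipaddress.ip_network(cidr, strict=False)

def in_cidr(value, net):
    """True if value parses as an address of net's family and lies inside it."""
    if value in ("", "-"):
        return False
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:          # not an address at all (e.g. a server_name)
        return False
    return addr.version == net.version and addr in net

def filter_rows(lines, cidr, field=-1):
    """Yield lines whose tab-separated column `field` is inside `cidr`.
    field defaults to the last column, as in the thread's bro-cut example."""
    net = parse_network(cidr)
    for line in lines:
        line = line.rstrip("\n")
        if not line or line.startswith("#"):   # skip bro-cut -c header lines
            continue
        cols = line.split("\t")
        if -len(cols) <= field < len(cols) and in_cidr(cols[field], net):
            yield line

if __name__ == "__main__":
    field = int(sys.argv[2]) if len(sys.argv) > 2 else -1
    for row in filter_rows(sys.stdin, sys.argv[1], field):
        print(row)
```

An optional second argument selects a different column index when the IP field is not last; rows whose chosen column is unset ("-") or not an address are dropped rather than raising.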