Importing Known IP Address Lists

05/2022 - rev 2

Overview

Oort’s platform has the ability to ingest known IP address lists in CIDR format and then tag User activity with those known locations.

This helps by providing visibility into user activity and easily distinguishing between known locations and unknown network activity.

screenshot 2022 04 25 124428

IP Address CIDR Format

For the file upload, the IP addresses and corresponding location descriptions or tags need to be in CIDR format as a JSON file. The structure of the file needs to be as follows, with one location and description pair per line -

{"key":"Ashburn DC","value":["206.71.192.0/24"]}
{"key":"Brno","value":["85.71.228.64/28","85.93.123.96/28"]}
{"key":"Eschborn","value":["193.37.158.0/24”]}

An example JSON file can be downloaded here and modified with your known IP addresses and location tags.

Uploading the IP Address File

Once the file has been created with the correct structure and desired IP addresses and locations, follow these steps to upload the file to your Oort tenant.

  1. Select the Integrations main tab and then click Add Integration.

    screenshot 2022 04 25 125223

  2. Select Manual Uploads

  3. Provide a name, description, and date for the file upload. Select or drag & drop the file.

    screenshot 2022 04 25 125516

  4. Click Upload File.

  5. Once done, the file will be listed under the Manual Uploads section of the Integration status dashboard.

    screenshot 2022 04 25 125827

Updating the existing file

To update an existing IP Address file, simply click the three dots at the right side of the Manual Upload for that file, and select Upload new file version. Then upload the new file.

screenshot 2022 04 25 130036