🛂 Importing Known IP Address Lists

01/2024

Overview

Oort's platform can ingest lists of known IP addresses in CIDR format and then tag user activity with those known locations.

This provides visibility into user activity and makes it easy to distinguish known locations from unknown network activity.

Note that the IP CIDR list(s) are used in the calculation of several threat detection checks, specifically to exclude known locations from the algorithm or detection logic.

IP Address CIDR Format

For the file upload, the IP addresses and their corresponding location descriptions or tags must be supplied in CIDR format as a JSON file. The file must be structured as follows, with one location and description pair per line:

{"key":"Ashburn DC","value":["206.71.192.0/24"]}
{"key":"Brno","value":["85.71.228.64/28","85.93.123.96/28"]}
{"key":"Eschborn","value":["193.37.158.0/24"]}

An example JSON file can be downloaded here and modified with your known IP addresses and location tags.
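
Because listed ranges are excluded from several detection checks, a malformed or overly broad entry matters more than a cosmetic error. The following pre-upload check is an added example, not Oort's code: it reports lines that are not valid JSON, entries without the key/value shape shown above, invalid CIDRs, and very broad IPv4 ranges. The `/16` threshold, the rejection of host bits and the sample data are assumptions made for illustration.

```python
import ipaddress
import json

MIN_V4_PREFIX = 16  # assumed review threshold, not an Oort limit

# Constructed sample: line 3 ends with a typographic quote, line 4 has host
# bits set, line 5 would mark half of the IPv4 space as a known location.
SAMPLE = (
    '{"key":"Ashburn DC","value":["206.71.192.0/24"]}\n'
    '{"key":"Brno","value":["85.71.228.64/28","85.93.123.96/28"]}\n'
    '{"key":"Eschborn","value":["193.37.158.0/24\u201d]}\n'
    '{"key":"Lab","value":["10.1.2.3/24"]}\n'
    '{"key":"Everywhere","value":["0.0.0.0/1"]}\n'
)


def validate_known_ip_file(text):
    """Return (line_number, message) problems; an empty list means clean."""
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        try:
            entry = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append((lineno, f"not valid JSON: {exc.msg}"))
            continue
        if not isinstance(entry, dict) or set(entry) != {"key", "value"}:
            problems.append((lineno, 'expected only "key" and "value" fields'))
            continue
        if not isinstance(entry["key"], str) or not entry["key"].strip():
            problems.append((lineno, '"key" must be a non-empty string'))
        cidrs = entry["value"]
        if not isinstance(cidrs, list) or not cidrs:
            problems.append((lineno, '"value" must be a non-empty list'))
            continue
        for cidr in cidrs:
            try:
                if not isinstance(cidr, str) or "/" not in cidr:
                    raise ValueError("expected a string such as 192.0.2.0/24")
                net = ipaddress.ip_network(cidr, strict=True)  # no host bits
            except ValueError as exc:
                problems.append((lineno, f"bad CIDR {cidr!r}: {exc}"))
                continue
            if net.version == 4 and net.prefixlen < MIN_V4_PREFIX:
                problems.append((lineno, f"{cidr} is broader than /{MIN_V4_PREFIX}"))
    return problems


if __name__ == "__main__":
    print(*validate_known_ip_file(SAMPLE), sep="\n")
```
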

Uploading the IP Address File

Once the file has been created with the correct structure and desired IP addresses and locations, follow these steps to upload the file to your Oort tenant.

  1. Select the Integrations main tab and then click Add Integration.

  2. Select Manual Uploads.

  3. Provide a name, description, and date for the file upload. Select or drag & drop the file.

  4. Click Upload File.

  5. Once done, the file will be listed under the Manual Uploads section of the Integration status dashboard.

Updating the Existing File

To update an existing IP address file, click the three dots at the right side of the Manual Upload entry for that file and select Upload new file version. Then upload the new file.
