🛂Importing Known IP Address Lists
12/2024
Overview
Oort’s platform has the ability to ingest known IP address lists in CIDR format and then tag User activity with those known locations.
This helps by providing visibility into user activity and easily distinguishing between known locations and unknown network activity.
Note that the IP CIDR list(s) are used in the calculation of several threat detection checks, specifically to exclude known locations from the algorithm or detection logic.
IP Address CIDR Format
For the file upload, the IP addresses and corresponding location descriptions or tags need to be in CIDR format as a JSON file. The structure of the file needs to be as follows, with one location and description pair per line -
An example JSON file can be downloaded here and modified with your known IP addresses and location tags.
NOTE - the platform does not support a JSON array format, such as:
Uploading the IP Address File
Once the file has been created with the correct structure and desired IP addresses and locations, follow these steps to upload the file to your Oort tenant.
Select the Integrations main tab and then click Add Integration.
Select Manual Uploads
Provide a name, description, and date for the file upload. Make sure the IP CIDR List type is selected. Select or drag & drop the file.
Click Upload File.
Once done, the file will be listed under the Manual Uploads section of the Integration status dashboard.
Updating the existing file
To update an existing IP Address file, simply click the three dots at the right side of the Manual Upload for that file, and select Upload new file version. Then upload the new file.
Last updated