🔎Networks Tab & User Investigations
6/2023
Overview
Within the User 360 profile, the Networks tab provides context on IP addresses associated with each user. When you’re responding to an incident or trying to get to the bottom of some anomalous activity, this context is critical.
This article and the video under Using the Networks Tab below provide instructions on how to get the most value from this feature within Oort.
Available Data Types
The table includes useful information about each IP address, such as:
Last access
Number of Success, Failure, and Other events associated with the IP
Number of Failed events associated with the IP
Location
Carrier
IDP source(s) of activity (e.g. Okta, Azure AD, Duo)
Users with activity from that same IP
Key Features
The table offers the following high-level features:
Search bar for IPs, activity type, carriers, or locations
Time range selector to filter IP activity (default = 30 days)
Geolocation map (collapsed by default)
Tags
Slide-out window with additional information
Using the Networks Tab
The following video provides valuable information on common use cases for the Networks tab. More information is also included below.
Searching IP Activity
Use the search bar to run a free-text or keyword search of the table for specific IP activity, such as a particular country, city, or ASN.
Details Pane
For each IP row, there is a details pane with both an IP Data summary table and the IP Activity.
Click the whitespace of any IP row to open this details slide-out pane to the right.
IP Search for This User or Other Users
A key feature of the Networks tab is drilling down into the detailed activity for the current user or searching for traffic from that IP for other users.
Click any IP in the table to pull up the menu of options:
Search for the IP events for just this user
Find other users who have traffic from this IP. Note that the Same IP Users column on the far right indicates whether the tenant has other users with traffic from this IP.
Copy IP to clipboard