Comment on page
Networks Tab & User Investigations
Within the User 360 profile, the Networks tab provides context on IP addresses associated with each user. When you’re responding to an incident or trying to get to the bottom of some anomalous activity, this context is critical.
The table includes useful information about each IP address, such as:
- Last access
- Number of Success, Failure, and Other events associated with the IP
- Number of Failed events associated with the IP
- IDP source(s) of activity (e.g. Okta, Azure AD, Duo)
- User with activity from that same IP
The table offers the following high-level features -
- 1.Search bar for IPs, activity type, carriers, or locations
- 2.Time range selector to filter IP activity (default = 30 days)
- 3.Geolocation map (collapsed by default)
- 5.Slide-out window with additional information
The following video provides valuable information on common use cases for the Networks tab. More information is also included below.
Use the search bar to free text or keyword search the table for different IP activity, such as a specific Country, City, or ASN.
For each IP row, there's is a details pane with both a IP Data summary table and the IP Activity
Click the whitespace of any IP row to open this details slide-out pane to the right.
A key feature of the Networks tab is drilling down into the detailed activity for the current user OR searching for traffic from that IP for other users.
Click any IP in the table to pull up the menu of options:
- Search for the IP events for just this user
- Find other users who have IP traffic from this IP. Note that the Same IP Users column on the far right will indicate if the tenant has other users with IP traffic from this IP.
- Copy IP to clipboard