Ctrlk

🔎Networks Tab & User Investigations

6/2023

Overview

Within the User 360 profile, the Networks tab provides context on IP addresses associated with each user. When you’re responding to an incident or trying to get to the bottom of some anomalous activity, this context is critical.

This article and video on Using the Networks Tab below provides instructions on how to obtain the most value from this feature within Oort.

Available Data Types

The table includes useful information about each IP address, such as:

  • Last access

  • Number of Success, Failure, and Other events associated with the IP

  • Number of Failed events associated with the IP

  • Location

  • Carrier

  • IDP source(s) of activity (e.g. Okta, Azure AD, Duo)

  • User with activity from that same IP

Key Features

The table offers the following high-level features -

  1. Search bar for IPs, activity type, carriers, or locations

  2. Time range selector to filter IP activity (default = 30 days)

  3. Geolocation map (collapsed by default)

  4. Tags

  5. Slide-out window with additional information

Using the Networks Tab

The following video provides valuable information on common use cases for the Networks tab. More information is also included below.

https://www.youtube.com/watch?v=3Lai9OCaZB8www.youtube.com

Searching IP Activity

Use the search bar to free text or keyword search the table for different IP activity, such as a specific Country, City, or ASN.

Details Pane

For each IP row, there's is a details pane with both a IP Data summary table and the IP Activity

Click the whitespace of any IP row to open this details slide-out pane to the right.

IP Search for This User or Other Users

A key feature of the Networks tab is drilling down into the detailed activity for the current user OR searching for traffic from that IP for other users.

Click any IP in the table to pull up the menu of options:

  • Search for the IP events for just this user

  • Find other users who have IP traffic from this IP. Note that the Same IP Users column on the far right will indicate if the tenant has other users with IP traffic from this IP.

  • Copy IP to clipboard

PreviousImporting Known IP Address ListsNextOkta Workflows Webhook Example

Last updated