IP Threat Detected

Detects users logging in from suspicious IP addresses. IP address reputation is like a credit score: each address has a score based on its association with bad behavior. An address likely poses a risk if it has ever hosted malware, phishing sites, or spam. The riskier the address, the worse its reputation. As with a credit score, a bad reputation takes a while to clear. If you do not wish to receive alerts on specific types of IP addresses, you can add more categories (such as Spam Sources) to the ignore list.

Oort uses an up-to-date risk service to notify customers when a user logs in from a marked address. See the documentation for the complete list of markers.

Recommended Actions

We recommend contacting the end user to purge the machine originating the traffic. We only tag successful logins to reduce false positives.
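The check logic described above (reputation markers, an ignore list of categories, and successful logins only), as an added Python sketch that is not Oort's code. The reputation feed, the event fields, and every category name except "Spam Sources" are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed reputation feed: IP -> set of markers. Only "Spam Sources" is a
# category name taken from the page; the others are hypothetical placeholders.
REPUTATION = {
    "203.0.113.10": {"Spam Sources"},
    "198.51.100.7": {"Malware Hosting", "Spam Sources"},
    "192.0.2.44": {"Phishing"},
}


@dataclass(frozen=True)
class Login:
    user: str
    ip: str
    success: bool


def ip_threat_alerts(logins, reputation, ignored_categories=frozenset()):
    """Return (user, ip, sorted markers) for successful logins from marked IPs."""
    alerts = []
    for ev in logins:
        if not ev.success:  # failed attempts are not tagged
            continue
        # Drop ignored categories; alert only if some other marker remains.
        markers = reputation.get(ev.ip, set()) - set(ignored_categories)
        if markers:
            alerts.append((ev.user, ev.ip, sorted(markers)))
    return alerts


# Constructed sample events using documentation-range addresses.
SAMPLE = [
    Login("alice", "203.0.113.10", True),   # spam-only address
    Login("bob", "198.51.100.7", True),     # two markers
    Login("carol", "192.0.2.44", False),    # marked address, failed login
    Login("dave", "192.0.2.200", True),     # no reputation entry
]

if __name__ == "__main__":
    for alert in ip_threat_alerts(SAMPLE, REPUTATION, {"Spam Sources"}):
        print(alert)
```

Ignoring a category suppresses an alert only when it is the address's sole marker: with "Spam Sources" ignored, alice's login is no longer reported, while bob's still is because of the remaining marker.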

Default Check Settings

Ignored IP addresses: 5


Microsoft Entra ID



Google Workspace

