# Networks Tab

### Overview

Within the User 360 profile, the **Networks** tab provides context on IP addresses associated with each user. When you’re responding to an incident or trying to get to the bottom of some anomalous activity, this context is critical. 

The Networks tab is the third tab of the User 360. This article and video below on [#using-the-networks-tab](#using-the-networks-tab "mention") provides information on the different data available on the Networks tab and instructions on how to obtain the most value from this feature within Identity Intelligence. 

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2F4Ucx9ycJGfZF0VcoW7Or%2Fimage.png?alt=media&#x26;token=c6d42ffb-a11d-43d7-bb01-ca52e21cfc5d" alt=""><figcaption></figcaption></figure>

### Networks table elements&#x20;

The Networks table contains all the detailed event information for a particular network. Above the column headers on the left, you can see the total number of IP addresses associated with a user for the selected timeframe.&#x20;

The section below details the fields that appear in the table, as well as the definition of each field:

<table><thead><tr><th width="207">Element</th><th>Definition</th></tr></thead><tbody><tr><td>IP Address</td><td>The IP address <br><br>Left-click on an IP address to <a href="#pivot-on-ip-address">perform additional actions</a> related to this IP address</td></tr><tr><td>Last Access (UTC)</td><td>The date and time the IP address was last seen </td></tr><tr><td>Hit Count</td><td>The number of events associated with this user and the IP address, regardless of result</td></tr><tr><td>Successful Events</td><td>The number of successful events associated with this user and the IP address</td></tr><tr><td>Failed Events</td><td>The number of failed events associated with this user and the IP address</td></tr><tr><td>Other Events</td><td>The number of other events (neither success nor failure) associated with this user and the IP address<br><br>Hover over the number to see the sum of events for each result type</td></tr><tr><td>Tags</td><td>Tags associated with the IP Address<br><br>Hover over each tag to see a tooltip with the source of the tag (ex: IP info: Hosting, etc). If no source, it is an Identity Intelligence tag (ex: New ISP)</td></tr><tr><td>Location</td><td>The location associated with the IP Address</td></tr><tr><td>Carrier</td><td>The carrier associated with the IP Address</td></tr><tr><td>Source</td><td><p>The identity sources associated with any activity from the IP Address </p><p><br>Hover over the icon in this column to see a tooltip with the integration name</p></td></tr><tr><td>Same IP Users</td><td>The number of users in your environment associated with the IP Address</td></tr></tbody></table>

### Diving deeper into an IP Address

Like in the Activity table, select the blank space in a given row will show you more information on a particular IP address.&#x20;

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FDCu2lumOk2TtqffDGtgk%2Fimage.png?alt=media&#x26;token=771103aa-d8c4-41d5-b132-906a49740673" alt=""><figcaption></figcaption></figure>

This will open a slide panel from the right side of the page, that has 2 tabs - IP Data and IP Activity.&#x20;

* IP Data shows you IP address data summary (including ASN details)
* IP Activity shows you the user's associated activity types (types, activity counts, results) and which applications were accessed (app names, hit counts, results) for the selected IP address&#x20;

To close the slide panel, select the **X**  in the top right corner, or select anywhere outside of slide panel.&#x20;

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2F3dbX5b0pqk8QL89C0q3x%2Fimage.png?alt=media&#x26;token=fe0625f8-6df7-4a68-9388-751ad5337602" alt=""><figcaption></figcaption></figure>

### Networks Tab general actions&#x20;

The Networks table offers multiple high level features that are similar to what can be found elsewhere in the platform. Navigate through the tabs below to learn more about how to utilize each feature.

{% tabs %}
{% tab title="Search IP Addresses" %}

#### **Search IP Addresses**

Use the search bar above the Networks table to search based on various items such as a specific IP address, activity types, applications, ASN and location. When searching, you do not need to provide an exact value. Typing a piece of the word will return results. \
\
If you have searched on a particular parameter, the search criteria is retained as you navigate between different tabs within the platform. &#x20;

To clear the search bar, press the **X** on the right most side of the search bar.&#x20;
{% endtab %}

{% tab title="Adjust timeframe" %}

#### Adjust timeframe

By default, the Networks tab is filtered to show all events over the last 30 days. If you would like to see a larger or smaller window, you can customize your view with the date selector, which can be found directly to the right of the search bar.&#x20;

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FYtP7SSP3CnVZjOByXrDK%2Fimage.png?alt=media&#x26;token=5ec3d491-aab6-47b1-890f-973f975fc42a" alt=""><figcaption></figcaption></figure>

Press anywhere in the box to open a dropdown where you can select from preset timeframes (ex: Last 4 hours, Last day, Last 7 days, etc), a custom period, or 'View All', based on your needs.&#x20;
{% endtab %}

{% tab title="Sort columns" %}

#### Sorting columns

By default, the Networks tab is sorted in descending order (highest to lowest) on Hit Count. To sort by a specific column value, select the arrow next to the column header to switch between ascending and descending order. \
If there is no arrow available, it means this column cannot be sorted.&#x20;
{% endtab %}

{% tab title="Download results" %}
**Download results**

You can download tabular data from the table to a CSV using the **Download** icon button on the right after the timeframe filter. \
Note: The CSV output has a limit of 2,000 rows

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FeJmxIRJHAjd9M9OizqMp%2Fimage.png?alt=media&#x26;token=6d1d927c-c060-4318-b93c-2803450ab4d9" alt="" width="77"><figcaption></figcaption></figure>
{% endtab %}
{% endtabs %}

### Geolocation visualization

The Networks tab has a geolocation widget, which is collapsed by default, that displays a given user's IP Address location history on a map for easy scanning.  \
\
Hovering over a specific dot will pop up information on the total number of unique IP address activities associated with this area, as well as a cumulative hit count.&#x20;

Selecting a specific dot will take you to the [Activity](https://docs.oort.io/understanding-your-users/user-360/activity-tab) tab, pre-filtered on the IP Addresses associated with the chosen location.&#x20;

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FI8DOC46BdqZ07etatsL5%2Fimage.png?alt=media&#x26;token=64c749b7-979f-4570-b466-a7e9326b67f1" alt="" width="563"><figcaption></figcaption></figure>

If you would like to open this widget, press the **Map** icon button next to the timeframe filter. To remove the widget, press the **Map** icon button again.&#x20;

### Pivot on IP Address

A key feature of the Networks tab is the ability to drill down into the detailed activity for the current user OR search for traffic from that IP for ***other users.*** \
\
The actions menu will pop up when left-clicking on a specific IP address in the Networks table. The actions are:

* **Find user activity -** Adds the selected IP address as a filter on the given user's [Activity](https://docs.oort.io/understanding-your-users/user-360/activity-tab) tab so you can see all the user's activity associated with this particular IP address&#x20;
* **Find users who attempted to sign in from X.X.X.X -** Adds the selected IP address as a search parameter on the [Users](https://docs.oort.io/understanding-your-users/users) page so you can see any other users who have activity associated with this particular IP address
  * &#x20;<mark style="color:orange;">**Note:**</mark> the Same IP Users column on the far right of the Networks tab will indicate if the tenant has other users with IP traffic from this IP address
* **See IP info -** Add the selected IP address as a filter on the given user's Networks tab and opens the slide panel so you can see more detailed information about that IP address
* **Copy to clipboard -** Copies the IP address to your clipboard so that you can paste it within Identity Intelligence or another tool&#x20;

The ability to pivot on an IP Address is available virtually everywhere that an IP address is visible throughout Identity Intelligence, such as the [Activity](https://docs.oort.io/understanding-your-users/user-360/activity-tab) tab, [Users](https://docs.oort.io/understanding-your-users/users) page, [Check](https://docs.oort.io/understanding-your-users/user-360/checks-tab) explainability, etc, and can be accessed with a left-click on an IP address.

<figure><img src="https://582105988-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FqPSBzsjxd7KYg9DNVZ4l%2Fuploads%2FUaZ1pB0442x52j7O2pcO%2Fimage.png?alt=media&#x26;token=cc78e3b5-e4f8-4a5e-a1b2-cdb6168e827d" alt=""><figcaption></figcaption></figure>

## Using the Networks Tab

The following video provides valuable information on common use cases for the Networks tab

{% embed url="<https://youtu.be/3Lai9OCaZB8>" %}