📶Networks Tab
Last updated
Last updated
Within the User 360 profile, the Networks tab provides context on IP addresses associated with each user. When you’re responding to an incident or trying to get to the bottom of some anomalous activity, this context is critical.
The Networks tab is the third tab of the User 360. This article and video below on Using the Networks Tab provides information on the different data available on the Networks tab and instructions on how to obtain the most value from this feature within Identity Intelligence.
The Networks table contains all the detailed event information for a particular network. Above the column headers on the left, you can see the total number of IP addresses associated with a user for the selected timeframe.
The section below details the fields that appear in the table, as well as the definition of each field:
Element | Definition |
---|---|
IP Address | The IP address Left click on an IP address to perform additional actions related to this IP address |
Last Access (UTC) | The date and time the IP address was last seen |
Hit Count | The number of events associated with this user and the IP address, regardless of result |
Successful Events | The number of successful events associated with this user and the IP address |
Failed Events | The number of failed events associated with this user and the IP address |
Other Events | The number of other events (neither success nor failure) associated with this user and the IP address Hover over the number to see the sum of events for each result type |
Tags | Tags associated with the IP Address Hover over each tag to see a tooltip with the source of the tag (ex: IP info: Hosting, etc). If no source, it is an Identity Intelligence tag (ex: New ISP) |
Location | The location associated with the IP Address |
Carrier | The carrier associated with the IP Address |
Source | The identity sources associated with any activity from the IP Address Hover over the icon in this column to see a tooltip with the integration name |
Same IP Users | The number of users in your environment associated with the IP Address |
Like in the Activity table, clicking on the blank space in a given row will show you more information on a particular IP address.
This will open a slide panel from the right side of the page, that has 2 tabs - IP Data and IP Activity.
IP Data shows you IP address data summary (including ASN details)
IP Activity shows you the user's associated activity types (types, activity counts, results) and which applications were accessed (app names, hit counts, results) for the selected IP address
To close the slide panel, click the in the top right corner, or click anywhere outside of slide panel.
The Networks table offers multiple high level features that are similar to what can be found elsewhere in the platform. Click through the tabs below to learn more about how to utilize each feature.
Use the search bar above the Networks table to search based on various items such as a specific IP address, activity types, applications, ASN and location. When searching, you do not need to provide an exact value. Typing a piece of the word will return results. If you have searched on a particular parameter, the search criteria is retained as you navigate between different tabs within the platform.
To clear the search bar click the X on the right most side of the search bar.
The Networks tab has a geolocation widget, which is collapsed by default, that displays a given user's IP Address location history on a map for easy scanning. Hovering over a specific dot will pop up information on the total number of unique IP address activities associated with this area, as well as a cumulative hit count.
Clicking on a specific dot will take you to the Activity tab, pre-filtered on the IP Addresses associated with the selected location.
If you would like to open this widget, click the Map icon button next to the timeframe filter. To remove the widget, click the Map icon button again.
A key feature of the Networks tab is the ability to drill down into the detailed activity for the current user OR search for traffic from that IP for other users. The actions menu will pop up when left-clicking on a specific IP address in the Networks table. The actions are:
Find user activity - Adds the selected IP address as a filter on the given user's Activity tab so you can see all the user's activity associated with this particular IP address
Find users who attempted to sign in from X.X.X.X - Adds the selected IP address as a search parameter on the Users page so you can see any other users who have activity associated with this particular IP address
Note: the Same IP Users column on the far right of the Networks tab will indicate if the tenant has other users with IP traffic from this IP address
See IP info - Add the selected IP address as a filter on the given user's Networks tab and opens the slide panel so you can see more detailed information about that IP address
Copy to clipboard - Copies the IP address to your clipboard so that you can paste it within Identity Intelligence or another tool
The ability to pivot on an IP Address is available virtually everywhere that an IP address is visible throughout Identity Intelligence, such as the Activity tab, Users page, Check explainability, etc, and can be accessed with a left click on an IP address.
The following video provides valuable information on common use cases for the Networks tab