IP Ranges Detail View

Cortex Xpanse User Guide

Product: Cortex XPANSE
Version: 1.0
Creation date: 2022-08-25
Last date published: 2024-03-14
End_of_Life: EoL
Category: User Guide

Abstract:

The IP Ranges assets tab enables you to examine each static IP range Cortex Xpanse associates with your business.

Each IP range entry shows the starting IP address, the ending IP address, and the total number of IP addresses in the range, which follows from the CIDR prefix length: /32 = 1, /30 = 4, /29 = 8, and /24 = 256.

From the IP Ranges assets tab, you can also see why an IP range was attributed to your organization, view registration information for the IP range, view or add annotations for the IP range, and create a custom IP range.

The IP Ranges detail view provides the following information:

  • The first and last IP addresses for the range.

  • Size—The number of IP addresses in the range.

  • IP Observed (30 days)—The number of times this range was observed by Cortex Xpanse in the past 30 days.

  • Date Added—The first time that Cortex Xpanse identified this IP Range.

  • Related Services—The number of services found on this IP range. Click the number to display the list of related services along with information about those services.

  • Related Issues—The number of issues found on this IP range. Click the number to display the list of related issues along with information about those issues.

  • Ownership Summary—Business units associated with the IP Range.

  • Attribution—Indicates the reason for attribution. This information comes from the Asset information.

  • Registration—Cortex Xpanse pulls registration information from the public Regional Internet Registry (RIR) databases, including ARIN, RIPE, APNIC, LACNIC, and AFRINIC, and displays it in the expanded asset view for an IP range. Registry information in your Expander instance is updated approximately biweekly.

    As part of the registration data, Cortex Xpanse includes a network record and an organization record for the IP range. It collects this information from a combination of Registration Data Access Protocol (RDAP) and Whois data.

  • GeoIP/Location Data—If Cortex Xpanse has seen the IP address in the past 30 days, the city associated with the IP address is listed. For more information on GeoIP, see GeoIP Collection.

  • Annotations—View or update the Tags, Notes, or Contacts associated with the IP range.
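
To cross-check a range's registration independently, the following added Python example (not Cortex Xpanse code) reads an RDAP "ip network" record and derives the first and last addresses, the size, the covering CIDR blocks, and the registrant organization. The RDAP response is constructed for illustration (RFC 9083 field names, a documentation address range, a fictional organization), and `summarize_registration` is a hypothetical helper name.

```python
import ipaddress
import json

# Constructed RDAP "ip network" response (RFC 9083 field names). The range is
# the TEST-NET-3 documentation block and the organization is fictional.
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "ip network", "handle": "NET-EXAMPLE-1", "name": "EXAMPLE-NET",
  "ipVersion": "v4", "startAddress": "203.0.113.0", "endAddress": "203.0.113.255",
  "entities": [{
    "objectClassName": "entity", "handle": "EXAMPLE-ORG", "roles": ["registrant"],
    "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                             ["fn", {}, "text", "Example Corp"]]]
  }]
}
""")


def summarize_registration(rdap):
    """Return range bounds, size, CIDR blocks, and registrant from an RDAP record."""
    first = ipaddress.ip_address(rdap["startAddress"])
    last = ipaddress.ip_address(rdap["endAddress"])
    if first.version != last.version or first > last:
        raise ValueError("inconsistent range bounds in registration record")
    # A registered range is not always a single aligned CIDR block.
    cidrs = [str(n) for n in ipaddress.summarize_address_range(first, last)]
    org = None
    for entity in rdap.get("entities", []):
        if "registrant" in entity.get("roles", []):
            props = entity.get("vcardArray", ["vcard", []])[1]
            org = next((p[3] for p in props if p[0] == "fn"), None)
            break
    return {
        "first": str(first), "last": str(last),
        "size": int(last) - int(first) + 1,
        "cidrs": cidrs,
        "network_name": rdap.get("name"),
        "network_handle": rdap.get("handle"),
        "organization": org,
    }


if __name__ == "__main__":
    print(json.dumps(summarize_registration(SAMPLE_RDAP), indent=2))
```

If the size or organization derived from the registry record disagrees with what the detail view shows, the approximately biweekly registry refresh is one possible cause to rule out before questioning the attribution.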