Configure Your Network Parameters - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product: Cortex XSIAM
Creation date: 2024-02-26
Last date published: 2024-05-12
Category: Administrator Guide
Abstract

Define the IP address ranges and domain names used by Cortex XSIAM to identify your network assets.

To track and identify assets in your network, define your internal IP address ranges and domain names so that Cortex XSIAM can analyze, locate, and display those assets.

Define Internal IP Address Ranges
  1. In Cortex XSIAM, select Assets → Network Configuration → Internal IP Address Ranges.

  2. Define an IP Address Range.

    By default, Cortex XSIAM creates Private Network ranges that specify reserved industry-approved ranges. Private Network ranges are marked with a private-network icon, and only their names can be edited.

    To add a new range, select either of the following:

    • Create New

      • In the Create IP Address Range pop-up, enter the IP address Name and IP Address Range or CIDR values.

        Note

        You can add a range that is fully contained in an existing range; however, you cannot add a new range that partially intersects with another range.

        The range names you define appear when you investigate network-related events in the Cortex XSIAM console.

      • Save your definitions.

    • Upload from File

      • In the Upload IP Address Ranges pop-up, drag and drop or search for a CSV file listing the IP address ranges. Select Download example file to view the correct format.

      • Add your list of IP address ranges.

  3. Review your IP address ranges.

    After you name and define your IP address ranges, review the following information:

    The IP Address Ranges table displays the following fields:

    • Range Name—Name of the IP address range you define.

    • First IP Address—First IP address value of the defined range.

    • Last IP Address—Last IP address value of the defined range.

    • Active Assets—Number of assets located within the defined range that have reported Cortex Agent logs or appeared in your Network Firewall Logs.

    • Active Managed Assets—Number of assets located within the defined range that have reported Cortex XSIAM Agent logs.

    • Modified By—User name of the user who last changed the range.

    • Modification Time—Timestamp of when this range was last changed.

  4. Manage your IP address ranges.

    In the IP Address Ranges table, locate your range and select:

    • Edit range—Edit the IP address configurations. Changes made will affect the Broker VM Network Mapper.

    • Delete range—Delete the IP address range.
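The note in step 2 allows a range that sits fully inside an existing range and rejects one that partially intersects another. The following added example (not Cortex XSIAM code) pre-checks a candidate list against that rule before you enter or upload it. It assumes IPv4 only, a `first-last` syntax for non-CIDR ranges, and constructed sample names and ranges; it does not read or write the product's CSV format.

```python
import ipaddress

def parse_range(text):
    """Return (first, last) as ints for an IPv4 CIDR or 'first-last' string."""
    text = text.strip()
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-", 1))
    else:
        net = ipaddress.IPv4Network(text)  # raises ValueError if host bits are set
        lo, hi = int(net[0]), int(net[-1])
    if lo > hi:
        raise ValueError(f"range start is after range end: {text}")
    return lo, hi

def relation(new, existing):
    """Classify how the range `new` relates to the range `existing`."""
    (a, b), (c, d) = new, existing
    if b < c or d < a:
        return "disjoint"
    if c <= a and b <= d:
        return "contained"   # allowed by the note in step 2
    if a <= c and d <= b:
        return "encloses"    # the note does not cover this case; review by hand
    return "partial"         # rejected by the note in step 2

def check_candidates(existing, candidates):
    """Map each candidate name to its list of (other_name, relation) overlaps."""
    known = {name: parse_range(text) for name, text in existing.items()}
    findings = {}
    for name, text in candidates.items():
        new = parse_range(text)
        rels = [(other, relation(new, rng)) for other, rng in known.items()]
        findings[name] = [(o, r) for o, r in rels if r != "disjoint"]
        if all(r != "partial" for _, r in rels):
            known[name] = new  # later candidates are checked against it too
    return findings

# Constructed sample data (assumed names and ranges, not taken from the product).
EXISTING = {"Private 10/8": "10.0.0.0/8", "Private 172.16/12": "172.16.0.0/12"}
CANDIDATES = {"HQ-LAN": "10.20.0.0/16", "Lab": "172.31.255.0-172.32.0.255",
              "DMZ": "198.51.100.0/24", "HQ-Floor2": "10.20.2.0/24"}

if __name__ == "__main__":
    for name, hits in check_candidates(EXISTING, CANDIDATES).items():
        verdict = "REJECT" if any(r == "partial" for _, r in hits) else "ok"
        print(f"{verdict:6} {name}: {hits}")
```

A candidate reported as `partial` needs to be split or widened so that it nests cleanly inside, or stays clear of, the range it collides with.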

View External IP Address Ranges
Abstract

The External IP Address Ranges page lists all external IP addresses attributed to your organization.

Note

Viewing external IP address ranges requires the Attack Surface Management add-on.

An external IP address range is an IP address range that Cortex XSIAM has discovered through ASM scans and attributed to your organization. The complete list of external IP Address Ranges can be viewed on the External IP Address Ranges page, as explained in the following steps. External IP address range information is also available on asset details pages when an external IP address is used to attribute an asset to your organization.

  1. In Cortex XSIAM, go to Assets → Network Configuration → IP Address Ranges → External IP Address Ranges.

  2. Review your external IP address ranges, as needed.

    The IP Address Ranges table displays the following fields:

    • First IP Address—First IP address value of the defined range.

    • Last IP Address—Last IP address value of the defined range.

    • IPs Count—Number of IP addresses in the range.

    • Active Responsive IPS count

    • Business Units—Business units associated with this external IP range.

    • Date Added—The first time that Cortex XSIAM identified this IP range.

  3. Display details about an external IP range by selecting a row in the table.

    The detailed view is displayed to the right of the table. External IP address range details include registration data, which Cortex XSIAM pulls from public Regional Internet Registry (RIR) databases. Registration data includes network records and organization records.

Define Domain Names
  1. In Cortex XSIAM, select Assets → Network Configuration → Internal Domain Suffixes.

  2. In the Internal Domain Suffixes section, +Add the domain suffix you want to include as part of your internal network. For example, acme.com.

  3. Select the enter icon to add the suffix to the Domains List.