Configure your network parameters - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Documentation

Product
Cortex XSIAM
Creation date
2024-03-06
Last date published
2024-10-10
Category
Administrator Guide
Abstract

Define the IP address ranges and domain names used by Cortex XSIAM to identify your network assets.

Internal IP address ranges and domain names must be defined in order to track and identify assets in the network. This enables Cortex XSIAM to analyze, locate, and display your network assets.

  1. In Cortex XSIAM, select Assets Network Configuration.

  2. Define an IP address range.

    By default, Cortex XSIAM creates Private Network ranges that specify reserved industry-approved ranges. These ranges can only be renamed.

    To Add New Range, select either:

    • Create New.

      1. In the Create IP Address Range dialog box, enter the IP address Name and IP Address, Range or CIDR values.

        Note

        You can add a range that is fully contained in an existing range, however, you cannot add a new range that partially intersects with another range.

      2. Click Save.

    • Upload from File

      1. In the Upload IP Address Range dialogue box, drag and drop or search for a CSV file listing the IP address ranges. Download example file to view the correct format.

      2. Click Add.

Note

Viewing external IP address ranges requires the Attack Surface Management add-on.

An external IP address range is an IP address range that Cortex XSIAM has discovered through ASM scans and attributed to your organization. The complete list of external IP Address Ranges can be viewed on the External IP Address Ranges page, as explained in the following steps. External IP address range information is also available on asset details pages when an external IP address is used to attribute an asset to your organization.

  1. In Cortex XSIAM, select AssetsNetwork ConfigurationIP Address RangesExternal IP Address Ranges.

  2. Review your external IP address ranges, as needed.

    The IP Address Ranges table displays the following fields:

    • First IP Address: First IP address value of the defined range

    • Last IP Address: Last IP address value of the defined range.

    • IPs Count: Number of IP addresses in the range.

    • Active Responsive IPS count: Number of IP addresses in the range that are currently active and responsive.

    • Business Units: Business units associated with this external IP range.

    • Date Added: The first time that Cortex XSIAM identified this IP Range.

    • Organization Handles: Unique identifiers for the organizations managing the IP range.

  3. Display details about an external IP range by selecting a row in the table.

    The detailed view is displayed to the right of the table. External IP address range details include registration data, which Cortex XSIAM pulls from public RIR (Regional Internet Registries) databases. Registration data includes network records and organization records.

  1. In Cortex XSIAM , select AssetsNetwork ConfigurationInternal Domain Suffixes.

  2. In the Internal Domain Suffixes section, +Add the domain suffix you want to include as part of your internal network. For example, acme.com.

  3. Select network-mapper-enter.png to add to the Domains List.

FIELD

DESCRIPTION

Range Name

Name of the IP address range defined.

First IP Address

First IP address value of the defined range.

Last IP Address

Last IP address value of the defined range.

Active Assets

Number of assets within the defined range that have reported Cortex Agent logs or appeared in your Network Firewall Logs.

Active Managed Assets

Number of assets within the defined range reported Cortex XSIAM Agent logs.

Modified By

Username of the user who last changed the range.

Modification Time

The timestamp shows when this range was last changed.