Define the IP address ranges and domain names used by Cortex XSIAM to identify your network assets.
Internal IP address ranges and domain names must be defined in order to track and identify assets in the network. This enables Cortex XSIAM to analyze, locate, and display your network assets.
In Cortex XSIAM, select Assets Network Configuration.
Define an IP address range.
By default, Cortex XSIAM creates Private Network ranges that specify reserved industry-approved ranges. These ranges can only be renamed.
To Add New Range, select either:
Create New.
In the Create IP Address Range dialog box, enter the IP address Name and IP Address, Range or CIDR values.
Note
You can add a range that is fully contained in an existing range, however, you cannot add a new range that partially intersects with another range.
Click Save.
Upload from File
In the Upload IP Address Range dialogue box, drag and drop or search for a CSV file listing the IP address ranges. Download example file to view the correct format.
Click Add.
Note
Viewing external IP address ranges requires the Attack Surface Management add-on.
An external IP address range is an IP address range that Cortex XSIAM has discovered through ASM scans and attributed to your organization. The complete list of external IP Address Ranges can be viewed on the External IP Address Ranges page, as explained in the following steps. External IP address range information is also available on asset details pages when an external IP address is used to attribute an asset to your organization.
In Cortex XSIAM, select Assets → Network Configuration → IP Address Ranges → External IP Address Ranges.
Review your external IP address ranges, as needed.
The IP Address Ranges table displays the following fields:
First IP Address: First IP address value of the defined range
Last IP Address: Last IP address value of the defined range.
IPs Count: Number of IP addresses in the range.
Active Responsive IPS count: Number of IP addresses in the range that are currently active and responsive.
Business Units: Business units associated with this external IP range.
Date Added: The first time that Cortex XSIAM identified this IP Range.
Organization Handles: Unique identifiers for the organizations managing the IP range.
Display details about an external IP range by selecting a row in the table.
The detailed view is displayed to the right of the table. External IP address range details include registration data, which Cortex XSIAM pulls from public RIR (Regional Internet Registries) databases. Registration data includes network records and organization records.
In Cortex XSIAM , select Assets → Network Configuration → Internal Domain Suffixes.
In the Internal Domain Suffixes section, +Add the domain suffix you want to include as part of your internal network. For example,
acme.com
.Select to add to the Domains List.
FIELD | DESCRIPTION |
---|---|
Range Name | Name of the IP address range defined. |
First IP Address | First IP address value of the defined range. |
Last IP Address | Last IP address value of the defined range. |
Active Assets | Number of assets within the defined range that have reported Cortex Agent logs or appeared in your Network Firewall Logs. |
Active Managed Assets | Number of assets within the defined range reported Cortex XSIAM Agent logs. |
Modified By | Username of the user who last changed the range. |
Modification Time | The timestamp shows when this range was last changed. |