IP Address Intel Cards (aka IP Address Cards) provide an on-demand summary of essential information related to a specific IP Address or CIDR (an IP Address range). IP Address Cards are updated in real time as Recorded Future collects new information. You can use IP Address Cards as a starting point when assessing whether observation of this IP in a specific context is an Indicator of Compromise, and you can further use them in security control rules to block or detect incidents. IP Address Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.
Descriptions of several common components of the IP Address Card are found in the Overview of Intel Cards; the details below are specific to the IP Address Card:
IP Address Risk Scores help to identify potentially malicious IP Addresses. The risk rules for IP Addresses currently age out after a period of time if we no longer see evidence that an individual rule matches. More information can be found by looking at the IP Address Risk Rules.
Risks in the /24 Subnet
IP Address Cards include a summary of other IP addresses in the same /24 Subnet (historically known as a Class C block) that have current risk scores. This subnet summary provides quick context on the network neighborhood around the individual IP address.
IP Address Cards include GeoIP information (courtesy of MaxMind GeoLite) such as AS Number, names of organizations that administer the enclosing IP range, and geographic location.
Intelligence Partner Extensions
Extensions are integrations that enhance IP Address Cards with content from our Intelligence Partners. Click here to learn more. We also have a training page specific to the extensions available on an IP Address Card.