IP Address Cards

IP Address Intel Cards (aka IP Address Cards) provide an on-demand summary of essential information related to a specific IP Address or CIDR (an IP Address range). IP Address Cards are updated in real time as Recorded Future collects new information. You can use IP Address Cards as a starting point when assessing whether observation of this IP in a specific context is an Indicator of Compromise, and further can be used in security control rules to block or detect incidents. IP Address Cards are also pivot points during investigations that start with another indicator, a malware tool, a vulnerability, or a threat actor.

Descriptions of several common components of the IP Address Card are found in the Overview of Intel Cards; the details below are specific to the IP Address Card:

Risk Scoring

IP Address Risk Scores help to identify potentially malicious IP Addresses. The risk rules for IP Addresses currently age out after a period of time, if we no longer see evidence that an individual rule matches. More information can be found by looking at the IP Address Risk Rules.

Risks in the /24 Subnet

IP Address Cards include a summary of other IP addresses in the same /24 Subnet (historically known as a Class C block) with current risk scores. This subnet summary provides quick context of the network neighborhood around the individual IP address.

Technical Profile

IP Address Cards includes GeoIP information (courtesy of MaxMind GeoLite) such as AS Number, names of organizations which administer the enclosing IP range, and geographic location.

Intelligence Partner Extensions

Extensions are integrations that enhance IP Address Cards with content from our Intelligence Partners. Click here to learn more.  We also have training page specific to the extensions available on an IP Address Card.

Was this article helpful?
1 out of 1 found this helpful

The content of this article is confidential and intended solely for the use of individuals with authorized access to the Recorded Future service. Do not download or distribute this article.
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment. Please note that your name will be displayed.