The IP addresses view

Introduction

The IP addresses page is the place for being able to understand which IPs you have on your attack surface but more importantly, it tells you in what country those are hosted in, who the hosting provider is, and what the ASN is. being able to find outliers in this data is crucial for finding shadow IT such as legacy web apps, unapproved testing sites, or any assets that are not in your official inventory.


Each observation will have a state saying if that is still active on your attack surface or whether it is inactive. There will also be a date saying when it was first found and a disappeared timestamp, if it is no longer active on the surface.


Grouping the table data

In order to allow you to look at this data on any level of detail, the table can be grouped on some key dimensions.



Group by None

This is the most detailed level of the IP data. It shows each domain and each IP that they point to as unique observations. The status shows whether this connection still exist on your attack surface or whether that connection is currently inactive. The dates show when the domain-ip relationship was first established or when it was lost.



Group by IP

With this grouping each row is a unique IP and the domains connected to it are shown as the count of number of assets. Clicking that count will show you those domains and allow you to go directly to the asset details page for that domain. The status shows whether that particular IP is currently resolving from one of your DNS records and the timestamps show when it was first found and when it disappeared (if applicable).



Group by Provider

With this grouping you will immediately see each different provider you have and how many IPs or assets that are associated with it. Clicking the number of assets or the number of IPs will navigate you to the group by None view and filter on this provider. The status shows whether that particular provider is currently in use by any of your IPs and the timestamps show when it was first found and when it disappeared (if applicable).




Group by Country

With this grouping you will immediately see each different country you are in and how many IPs or assets that are associated with it. Clicking the number of assets or the number of IPs will navigate you to the group by None view and filter on this country The status shows whether that particular country is currently in use by any of your IPs and the timestamps show when it was first found and when it disappeared (if applicable).