IP Addresses

InsightIDR captures the IP address of an asset every time it attributes data to an account and an asset.

You can configure different IP Addresses to more accurately attribute data to your users and assets from Settings. You will find options for:

Static IP Addresses

Static IP Ranges are assets that do not receive IP addresses through DHCP. Most commonly, these are servers and any other assets who have a statically assigned IP.

To add a static IP range:

  1. Navigate to Settings > Static IP Ranges.

  2. Click the Add Static IP Range button.

  3. Enter the name for the range in the "Name" field.

  4. Enter the range in the "Range" field. The format is xxx.xxx.xxx.xxx/xx:

    • The values before the slash (/) describe the IPv4 network.
    • The value after the slash is the CIDR notation, which denotes the number of subnets and usable host addresses.

    For example, the range 192.168.1.0/24 defines a single subnet, with a usable host address range of 192.168.1.1, up to 192.168.1.254.

  5. Click the Save button.

To edit a static IP range:

  1. Navigate to Settings > Static IP Ranges.
  2. Click on the pencil icon to the right of the range that you want to edit.
  3. Make the required edits.
  4. Click the Save button.

Unmanaged IP ranges

You should indicate to InsightIDR which IP range you do not manage outside of your corporate network. That way, InsightIDR will ignore that range.

To add an unmanaged IP range:

  1. Navigate to Settings > Unmanaged IP Ranges.

  2. Click the Add Unmanaged IP Range button.

  3. Enter the name for the range in the "Name" field.

  4. Enter the range in the "Range" field. The format is xxx.xxx.xxx.xxx/xx:

    • The values before the slash (/) describe the IPv4 network.
    • The value after the slash is the CIDR notation, which denotes the number of subnets and usable host addresses.

    For example, the range 192.168.1.0/24 defines a single subnet, with a usable host address range of 192.168.1.1, up to 192.168.1.254.

  5. Click the Save button.

Unknown IP Addresses

Knowing the unknown is a constant challenge for security practitioners, especially when it comes to knowing the various devices on the corporate network. InsightIDR tracks all IP addresses it receives from DHCP and VPN assignments, but sometimes logs come in from other event source with IPs that have never been seen by your DHCP or VPN event sources.

InsightIDR, therefore, reports unknown IP addresses originating from other event sources. This helps you see if you are missing a DHCP or VPN event source in your environment that needs to be hooked up to a Collector.

Some might be related to DHCP servers or VPN servers that you haven't configured yet, or some might be static IP ranges or unmanaged.

To manage your unknown IP addresses:

  1. Navigate to Settings > Unknown IP Ranges.
  2. Any unknown IP ranges will appear in the table.
  3. You can add IP Ranges to Static IP Ranges or Unmanaged IP Ranges from there.

Public IP Ranges

Rapid7 recommends leaving this setting blank, unless your network overrides a public IP address.

If you have any publicly addressable IP addresses for your internal network, you need to specify these in InsightIDR.

To specify your public IP addresses:

  1. Navigate to Settings > Public IP Ranges.
  2. Enter one or more IP address ranges on separate lines.
  3. Click Save All Local IP Ranges to save.