Network zones and policies

Defining network zones and effective network policies is an excellent way to mitigate risk. This way, you can easily tell when employees are violating their access rights. You can also quickly identify a compromised user if an employee's account triggers a policy violation and the employee is not responsible for the event.

Define a network zone

Network zones allow the logical labeling of different systems or business groups based on IP ranges.

To define a network zone:

  1. In InsightIDR, select the Settings page from the left-hand menu. In the list that appears, select Network Zones near the bottom.
  2. Click the Add Zone button.
  3. Enter the name for the range in the "Zone Name" field.
  4. Enter the range in the "IP Range" field. The format is xxx.xxx.x.x/xx, where the values before the / give the start of the range and the value after the / determines the last entry in the range.
    • For example, the range 1.1.1.1/24 covers the addresses 1.1.1.0, 1.1.1.1, 1.1.1.2, and so on through 1.1.1.255.
  5. Click the check mark icon to save the zone.
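
Before entering ranges in the "IP Range" field, it helps to confirm exactly which addresses each one covers and whether any planned zones overlap. The following is an added example, not part of the InsightIDR product or its documentation; it assumes the field follows standard CIDR notation, as the 1.1.1.1/24 example above suggests. The function names and every zone other than 1.1.1.1/24 are constructed for illustration.

```python
import ipaddress

def describe_zone(name, ip_range):
    """Return the enclosing network, first/last address and size of one zone."""
    # strict=False accepts a range with host bits set, such as 1.1.1.1/24,
    # and normalizes it to the enclosing network (1.1.1.0/24).
    net = ipaddress.ip_network(ip_range, strict=False)
    return {
        "name": name,
        "entered": ip_range,
        "network": str(net),
        "first": str(net[0]),
        "last": str(net[-1]),
        "count": net.num_addresses,
        "normalized": str(net) != ip_range,
    }

def find_overlaps(zones):
    """Return pairs of zone names whose ranges share at least one address."""
    nets = [(n, ipaddress.ip_network(r, strict=False)) for n, r in zones]
    overlaps = []
    for i, (name_a, net_a) in enumerate(nets):
        for name_b, net_b in nets[i + 1:]:
            # Only compare ranges of the same IP version (IPv4 vs IPv6).
            if net_a.version == net_b.version and net_a.overlaps(net_b):
                overlaps.append((name_a, name_b))
    return overlaps

# Constructed sample zones (assumption: not taken from any real environment).
SAMPLE_ZONES = [
    ("Example", "1.1.1.1/24"),
    ("Finance", "10.20.0.0/22"),
    ("Finance-Printers", "10.20.3.128/25"),
    ("Lab", "192.168.50.0/24"),
]

if __name__ == "__main__":
    for name, rng in SAMPLE_ZONES:
        z = describe_zone(name, rng)
        note = " (entered as %s)" % z["entered"] if z["normalized"] else ""
        print("%-17s %-16s %s to %s, %d addresses%s"
              % (z["name"], z["network"], z["first"], z["last"], z["count"], note))
    for a, b in find_overlaps(SAMPLE_ZONES):
        print("Overlap: %s and %s share addresses" % (a, b))
```

An overlap means one address can match more than one zone, so review overlapping zones before attaching network policies to them.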

Edit a network zone

To edit a network zone:

  1. Click on the pencil icon to the right of the range that you want to edit.
  2. Make the required edits.
  3. Click the check mark icon to save the changes.

Define a network policy

Network policies are used alongside network zones. After you’ve created a network zone, use network policies to monitor access to the zone. An InsightIDR investigation will be generated any time a policy is violated.

Groups are defined by network zones and Active Directory group membership.

To define network policies:

  1. From your InsightIDR homepage, select Settings from the left-hand menu.
  2. Select Network Policies from the list.
  3. You will see a table of existing policies, if present. Select the Add Policy button.
  4. Search for and select one or more groups from your Active Directory.
  5. Choose an access policy.
  6. Choose a network zone.
  7. Select Save.