Network Zones and Policies
Defining network zones and effective network policies is an excellent way to mitigate risk. This way, you can easily tell when employees are violating their access rights. You can also quickly identify a compromised user if an employee's account triggers a policy violation and the employee is not responsible for the event.
Define a Network Zone
Network zones allow the logical labeling of different systems or business groups based on IP ranges.
To define a network zone:
- In InsightIDR, select the Settings page from the lefthand menu. In the proceeding list, select Network Zones near the bottom.
- Click the Add Zone button.
- Enter the name for the range in the "Zone Name" field.
- Enter the range in the "IP Range" field. The format is xxx.xxx.x.x/xx, where the values before the
/are the starting range and the value after is the last entry in the range.
- For example, the range 126.96.36.199/24 defines the values 188.8.131.52, 184.108.40.206, 220.127.116.11, to the address 18.104.22.168.
- Click the check mark icon to save the zone.
Edit a Network Zone
To edit a network zone:
- Click on the pencil icon to the right of the range that you want to edit.
- Make the required edits.
- Click the check mark icon to save the changes.
Define a Network Policy
Network policies allow you to create rules based on rules and are useful for enforcing internal policies, as you will be alerted any time a policy is violated.
Groups are defined by network zones and Active Directory group membership.
To define network policies:
- From your InsightIDR homepage, select Settings from the lefthand menu.
- Select Network Policies from the list.
- You will see a table of existing policies, if present. Select the Add Policy Button.
- Search for and select one or more groups from your Active Directory.
- Choose an access policy.
- Choose a network zone.
- Select Save.