Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 38 Next »

Topics Discussed

To fully use this screen, you must add the following permission to your account:

  • Read IP Threat Lookup Rule(s)

  • Write IP Threat Lookup Rule(s)

  • Write IP Threat Lookup Rule Never Expire IP

  • Read IP Threat Lookup(s).

Error rendering macro 'excerpt-include' : No link could be created for 'ESLP:IP Threat Lookup Overview (snippet)'.


Access IP Threat Lookup

Overview

Graph / Table

Description

IP Lookups

This graph displays all the IP lookups that have taken place in your account.

An IP Lookup indicates a user has searched for Armor's recommendation regarding to whitelist or blacklist an IP address.

DTB User

This table lists:

  • The name of the AMP user who performed an IP lookup (IPTL User).
  • The date of their last IP lookup (Last Query Date).
  • The total number of IP lookups performed (Total Requests).

IP Lookup

You can use this box to perform an IP lookup.

To learn more, see Perform an IP Lookup.


Events

You can use this screen to view the IP addresses that your users have researched in AMP.

Column

Description

Source IP

This column displays the IP address that was researched.

Request Type

Standard - This lookup took place using the Armor API system.

Detailed - This lookup took place when a user used the IP Lookup feature in AMP.

Requestor

This column displays the full name of the AMP user who researched the IP address.

Date

This column displays when the search took place.

Recommendation Action

This column displays the Final Recommendation that was displayed during an IP lookup.

When you performed a search, you will receive two types of recommendations:

  • The Recommendation entry is based on Armor's default policy.
  • The Final Recommendation entry is based on any rules that you have previously created.
    • For example, if you created a rule to blacklist 123.444.555.777, and then you perform a search on 123.555.777.999, then the Final Recommendation will most likely say Block because of your previously created rule.

Rules

This column displays the corresponding rule, if applicable.

If the column says None, then you can create a rule for this IP address. Hover over the rule, click the vertical ellipses, and then click Add Rule.


Rules

This section displays the rules that have been created in your account.

Column

Description

IP

The IP address that is included in the rule.

Added By

The name of the AMP user that created the rule.

Date Added

The date that the rule was created.

Expiration Time

The date that the rule expires, if applicable.

Rule

The type of rule (Whitelist or Blacklist).


Add a Rule

Error rendering macro 'excerpt-include' : No link could be created for 'ESLP:Add a rule (snippet)'.


Delete a Rule

Error rendering macro 'excerpt-include' : No link could be created for 'ESLP:Delete a rule (snippet)'.


Perform an IP Lookup

Error rendering macro 'excerpt-include' : No link could be created for 'ESLP:Perform an IP lookup (snippet)'.


Troubleshooting

If you do not see any data in this screen, consider that:

  • You have not created a rule.
  • You have not performed an IP lookup.
  • You do not have permission to view this screen.
    • To fully use this screen, you must have the following permission enabled for your account:
      • Read IP Threat Lookup Rule(s)
      • Write IP Threat Lookup Rule(s)
      • Write IP Threat Lookup Rule Never Expire IP

      • Read IP Threat Lookup(s).

        To learn more about roles and permissions, see Roles and Permissions.


Additional Information

This feature includes GeoLite data, created by MaxMind. For more information, please visit the MaxMind website.




Was this helpful?

  • No labels