Our IP address Geolocation information includes a series of fields that help indicate the history for that address or a group of addresses.
When looking at an alert in the Realtime Alerts, for example, clicking on the IP address will bring up additional information:
The Threat Score is based on historical data where attacks or malicious events have previously originated from this address.
The Trust Score is also based on periods of time where nothing malicious originated from this address.
Occasionally a "datacenter" field may be present and show as a threat. In this case, a low trust rating may be present; it relates to neighboring IPs on the same network that may have been reported as a VPN or proxy, or that appear in a blocklist.
The highest accuracy is achieved when using IP addresses or IP ranges.
Additional Note: IP color is black with no details:
TOR Browser - IP Anonymization: When you use a TOR browser, your IP address (the one assigned to you by your internet service provider) is masked. Websites you visit through TOR will see the IP address of a TOR exit node, not your actual IP address. This helps in preserving your anonymity online.
Because of this, when a TOR Browser is used, we are not provided with any IP data points at the event level except for the exit node IP address. Without this data, there is no indicator for us to apply any color coding. This is working as expected given our logic for highlighting IP addresses.