Network Records

Network records identify and logically group a range of IP addresses to:

  • Assign a Risk-Based Priority (RBP) to events.

  • Determine the direction (inbound or outbound) of the activity being logged.

Network records do not need to correspond to physical networks; their function is to identify a contiguous range of IP addresses that share a common risk threshold. For direction identification, any address that falls outside every defined network range is treated as external. For risk rating, a network may also be defined explicitly as External.

Known Networks

In LogRhythm, Known Networks are used:

  • To help calculate Risk-Based Priority (RBP) and Direction.

  • As criteria for Alarm Rules.

The Message Processing Engine (MPE) resolves the Network at run time when it calculates RBP and direction. The Alarm and Response Manager (ARM) resolves the Network at run time when it evaluates Alarm Rules.

Zones

Hosts and Networks are also assigned a Zone value of Internal, External, or DMZ (a host whose IP address cannot be determined gets the Zone Unknown). The Zone is taken from the first of the following that resolves:

  1. Zone of the resolved Known Host.

  2. Zone of the resolved Network.

  3. The IP address:
     • If the IP address is private, set the Zone to Internal.
     • If the IP address is public, set the Zone to External.
     • If there is no IP address, set the Zone to Unknown.