Network Records

Network records identify and logically group a range of IP addresses to:

  • Assign a Risk-Based Priority (RBP) to events.
  • Determine direction such as inbound or outbound for the activity being logged.

Network records do not need to correspond to physical networks. Their function is to identify a contiguous range of IP addresses that share a common risk threshold. For direction identification, all undefined network ranges are considered external. For risk rating, however, networks may also be defined explicitly as external.

Known Networks

In LogRhythm, Known Networks are used:

  • To help calculate Risk-Based Priority (RBP) and Direction.
  • As criteria for Alarm Rules.

MPE resolves the network at run time when it calculates RBP and direction. The Alarm and Response Manager (ARM) resolves the network at run time for rule evaluation.


Hosts and Networks are also assigned a Zone value of Internal, External, or DMZ. The Zone is assigned in the following order:

  1. Zone of the resolved Known Host.
  2. Zone of the resolved Network.
  3. The IP address:
    1. If the IP Address is private, set the Zone to Internal.
    2. If the IP Address is public, set the Zone to External.
    3. If there is no IP Address, set the Zone to Unknown.
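
The Zone order above, worked through as an added example (illustration code written for this page, not LogRhythm's own implementation). It shows the cases where the order matters: a Known Host overriding its network's Zone, and a private range explicitly defined as External. Assumptions: the host and network records are constructed samples, "private" means the RFC 1918 IPv4 ranges, overlapping networks resolve to the most specific range, an unparsable value is treated as no IP address, and only IPv4 is handled.

```python
import ipaddress

# "Private" here means the RFC 1918 IPv4 ranges (assumption; the page does not define it).
PRIVATE = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records, keyed by IP for simplicity.
KNOWN_HOSTS = {"10.20.0.5": "DMZ"}
KNOWN_NETWORKS = [  # (name, range, Zone)
    ("corp-lan", "10.20.0.0/16", "Internal"),
    ("web-dmz", "203.0.113.0/24", "DMZ"),
    ("partner-vpn", "192.168.50.0/24", "External"),
]


def resolve_network(ip):
    """Return (name, zone) of the matching network record, or None."""
    hits = []
    for name, cidr, zone in KNOWN_NETWORKS:
        net = ipaddress.ip_network(cidr)
        if ip in net:
            hits.append((net.prefixlen, name, zone))
    if not hits:
        return None
    # Assumption: on overlap, the most specific range wins.
    _, name, zone = max(hits)
    return name, zone


def resolve_zone(ip_text):
    """Apply the Zone order: Known Host, then Network, then the IP itself."""
    try:
        ip = ipaddress.ip_address(ip_text) if ip_text else None
    except ValueError:
        ip = None  # assumption: an unparsable value counts as "no IP address"
    if ip is None:
        return "Unknown"                      # step 3.3
    if str(ip) in KNOWN_HOSTS:
        return KNOWN_HOSTS[str(ip)]           # step 1
    network = resolve_network(ip)
    if network is not None:
        return network[1]                     # step 2
    if any(ip in net for net in PRIVATE):
        return "Internal"                     # step 3.1
    return "External"                         # step 3.2


if __name__ == "__main__":
    for sample in ("10.20.0.5", "10.20.1.1", "192.168.50.7", "8.8.8.8", None):
        print(sample, "->", resolve_zone(sample))
```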
