Analyze an IP address by examining its subnet data
If you want to investigate an IP address that Exposure Analytics has not detected, or does not have complete data on, you can investigate it by examining its subnet data. Enter an IP address to search for IPv4 or IPv6 addresses detected in the same subnet. You can also specify which fields to group the subnets by, such as the city or country.
To investigate an IP address using subnet data, complete the following steps:
- In Exposure Analytics, select Investigation from the main menu navigation bar.
- From the drop-down list, select IP subnet investigation.
- Enter the IP address you want to investigate in the search box.
- Select the Subnet mask. For example, ipv4 /24.
- (Optional) Specify the Zone if you're utilizing IP zones. See Add IP zones to the company subnet directory in the Administer Splunk Asset and Risk Intelligence manual.
- (Optional) Select fields to group the subnet by.
- Select to geolocate the subnet by city, country, or location_id.
- Select Submit.
After you submit your IP subnet investigation search, you can find all the IP addresses discovered in the matching subnets and the known asset information for each one. You can also find subnets that match the company subnet directory to see if the discovered subnets are in your inventory.
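
The following added example, which is not part of the product or its documentation, sketches the logic behind a subnet investigation: derive the subnet from an IP address and mask, list the known addresses in it grouped by city and country, and check the subnet against a subnet directory. The asset records, the directory entries, and the function name `investigate` are constructed for illustration and do not reflect the product's data model.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: not real inventory and not the product's schema.
ASSETS = [
    {"ip": "10.20.30.5", "asset": "web-01", "city": "Leeds", "country": "GB"},
    {"ip": "10.20.30.77", "asset": None, "city": "Leeds", "country": "GB"},
    {"ip": "10.20.31.9", "asset": "db-01", "city": "Lyon", "country": "FR"},
    {"ip": "2001:db8:1::10", "asset": "mail-01", "city": "Lyon", "country": "FR"},
]
SUBNET_DIRECTORY = ["10.20.0.0/16", "2001:db8:1::/48"]


def investigate(ip, prefix_len, assets=ASSETS, directory=SUBNET_DIRECTORY,
                group_by=("country", "city")):
    """Return the subnet containing ip, its known hosts grouped by the
    chosen fields, and the directory entries that cover the subnet."""
    # strict=False clears the host bits, so any address in the subnet
    # can be used as the search input (the IP need not be a known asset).
    subnet = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

    groups = defaultdict(list)
    for rec in assets:
        addr = ipaddress.ip_address(rec["ip"])
        # Only compare addresses of the same family (IPv4 vs IPv6).
        if addr.version == subnet.version and addr in subnet:
            key = tuple(rec.get(field) for field in group_by)
            # asset is None when the IP was seen but has no asset record.
            groups[key].append((rec["ip"], rec["asset"]))

    covered_by = []
    for entry in directory:
        net = ipaddress.ip_network(entry)
        # subnet_of() raises TypeError across families, so check first.
        if net.version == subnet.version and subnet.subnet_of(net):
            covered_by.append(entry)

    return {"subnet": str(subnet), "groups": dict(groups),
            "in_directory": covered_by}


if __name__ == "__main__":
    for query in (("10.20.30.200", 24), ("2001:db8:1::ffff", 64)):
        print(investigate(*query))
```

An empty `in_directory` list for a subnet that still returns addresses indicates activity in address space that is missing from the inventory.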