We’re just coming out of our POC and are building up our InsightIDR platform. One of our punch list items is to clear off Unknown IP Addresses. Once we’ve populated Static IP Ranges and Unmanaged IP Ranges, when will we see those additions reflected in Unknown IP Addresses?
The way the unknown IPs functionality works is a little tricky. Essentially, there is a job that is run on a daily basis that checks if we have a known mapping for the IP->Hostname.
For an IP address to be persisted as unknown, it has to meet the following criteria:
1. We could not figure out the asset for this IP
2. It is not a VPN address
3. It is not registered as an unmanaged address
So the question is, what do your Unknown IP ranges look like? Are there IPs in there that you’ve added to the Static IP ranges already? Is there missing DHCP or VPN coverage for these IPs?
If you plug in Static IP ranges, the way that functionality works is that the collectors must be able to reverse DNS lookup those IPs to resolve their hostnames. If a collector is unable to do so or gets no response, these IPs will remain unknown.
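A way to pre-check the reverse DNS requirement described above, as an added example that is not part of the thread and is not Rapid7 code: run from the collector host, it reports which addresses in a static range return no PTR record. The function names, ranges and hostnames are constructed, and it models only the reverse-DNS and unmanaged-range points from the thread, not InsightIDR's actual job.

```python
import ipaddress
import socket

# Constructed sample PTR data (documentation range 192.0.2.0/24), used for the
# offline demo below instead of live DNS.
SAMPLE_PTR = {
    "192.0.2.1": "printer01.example.internal",
    "192.0.2.2": "badge-ctl.example.internal",
}


def reverse_lookup(ip):
    """Return the PTR hostname for ip, or None on failure or an empty answer."""
    try:
        host, _aliases, _addrs = socket.gethostbyaddr(ip)
    except OSError:  # covers socket.herror / socket.gaierror / timeouts
        return None
    return host or None


def ptr_coverage(static_cidrs, unmanaged_cidrs=(), resolver=reverse_lookup):
    """Split the hosts of the static ranges into (resolved, unresolved, skipped).

    skipped   = address falls inside an unmanaged range, so it is not a
                candidate for the unknown list per the criteria in the thread.
    unresolved = no hostname came back; per the thread these stay unknown.
    """
    unmanaged = [ipaddress.ip_network(c, strict=False) for c in unmanaged_cidrs]
    resolved, unresolved, skipped = {}, [], []
    for cidr in static_cidrs:
        for addr in ipaddress.ip_network(cidr, strict=False).hosts():
            ip = str(addr)
            if any(addr in net for net in unmanaged):
                skipped.append(ip)
                continue
            name = resolver(ip)
            if name:
                resolved[ip] = name
            else:
                unresolved.append(ip)
    return resolved, unresolved, skipped


if __name__ == "__main__":
    # Offline demo with the constructed table; drop the resolver argument to
    # query the DNS servers the host is actually configured to use.
    ok, missing, skipped = ptr_coverage(
        ["192.0.2.0/29"], ["192.0.2.4/30"], resolver=SAMPLE_PTR.get
    )
    print("resolved:", ok)
    print("no PTR (would stay unknown):", missing)
    print("unmanaged (skipped):", skipped)
```
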
We added our Static IP Ranges late last night and our Unmanaged IP Ranges this morning, so I’d expect by tomorrow morning most, if not all, would be removed from Unknown IP Addresses. Thanks.