Rendered documentation
This page renders the module's Markdown and Mermaid directly from the public documentation source.
Overview
The IP Address domain provides IP address intelligence including geolocation, ASN (Autonomous System Number) information, threat intelligence, and reputation scoring. It enables investigators to profile IP addresses, detect malicious infrastructure, and track digital footprints in investigations.
Key Features
- Geolocation mapping (city, region, country, coordinates, timezone, organization)
- ASN intelligence (network identifier, organization, CIDR block, network type)
- Threat intelligence indicators (Tor exit nodes, VPN/proxy detection, datacenter identification, known attacker/abuser lists)
- Reputation scoring on a 0-100 scale with confidence levels
- IP profile creation and management with investigation linking
- Enrichment from external data sources with force-refresh capability
- Bulk lookup for multiple IP addresses simultaneously
- Search across IP profiles with threat level and investigation filters
- Secrecy level classification for sensitive IP intelligence
Use Cases
- Profiling suspicious IP addresses with geolocation and threat intelligence during investigations
- Detecting Tor, VPN, and proxy usage to identify anonymized infrastructure
- Bulk analyzing IP addresses from log files for threat assessment
- Enriching IP profiles with external intelligence feeds for comprehensive analysis
Integration
The IP Address domain integrates with Threat Intel for IOC enrichment, Investigation for case linking, Profile for entity management, Alert for threat notifications, and Digital Footprint for digital presence tracking.
Last Reviewed: 2026-02-05