Many organizations with legacy networks or regular M&A activity leverage publicly routable IP address space internally. When Red Canary is detecting and confirming threats, it is helpful context to understand which network addresses you consider internal. When you are responding to threats, it is helpful to your responders to know the same.

To get started, define the CIDR blocks your organization considers internal on the Administration > Network Context page.

Then any network connections to one of those addresses marked in detection timelines will be annotated as an internal address.

Did this answer your question?