Filter data in IP Address view

IP Address view lets you investigate whether or not specific IP addresses are present within your enterprise and what impact they might have had on your assets.

Google Security Operations lets you investigate specific IP addresses to determine if any are present within your enterprise and what impact these outside systems might have had on your assets. IP Address view is derived from the same security information and data that you have forwarded to Google Security Operations from your enterprise and can also examine using Asset view.

From Asset view, you begin your investigation from within your enterprise and look outward. From IP Address view, you begin your investigation from outside your enterprise and look in.

To access IP Address view in Google Security Operations, complete the following steps:

  1. Enter the IP address you need to investigate in the search bar at the top of the Google Security Operations user interface. Click SEARCH.

  2. Select the IP address from the DESTINATIONS IPS menu. IP Address view is displayed.

  3. Click the Filtering Icon icon in the top right corner of the Google Security Operations user interface to open the Procedural Filtering menu. Procedural Filtering lets you further filter information pertaining to an asset, including by event type, log source, network connection status, and Top Level Domain (TLD).

    The following Procedural Filtering options are available in IP Address view:

    • EVENT TYPE
    • LOG SOURCE
    • NETWORK CONNECTION STATUS
    • TLD