IP Reputation Library

NTA IP Reputation Library (SETTINGS menu > Network Traffic Analysis > NTA IP Reputation Library) enables you to consult static and/or dynamic lists that characterize IP addresses observed in current network traffic as suspicious. The library is prepopulated with a current list of IP addresses known to be in use by Tor client sessions (random routing and encryption that provides some measure of anonymity). When blacklisted addresses "talk" with your managed devices, they will be displayed in the NTA Suspicious Connections report.

You can also pull in lists periodically/dynamically from industry-trusted network, security, and Internet service vendor sites. This is a powerful feature in that it enables you to tie WhatsUp Gold into information observed by trusted partners and stakeholders throughout the Internet community.

Upload Lists of Addresses or Use Trusted URLs to Seed the IP Reputation Library

Add a local list

Use a community List (Cisco Talos Spam List Shown)

Typical Leverage Points:

Include or Edit an IP Address List

To add or modify a suspicious IP address list(ing):

Add/Edit List enables you to:

Note: The list you add must use the expected syntax and format. For details, see the syntax examples in the Expected Format section of this topic.

Viewing Library Entries

When viewing the grid from the library view, the following columns display:

Expected Format

For lists applied from file systems or REST API responses, the expected syntax is similar to a hosts file. One IP address per line.

Syntax:

# my comment
<suspicious-ip-address-1>
<suspicious-ip-address-2>
<suspicious-ip-address-n>

Example:

# Well-known spam sources
203.0.113.122
203.0.113.221

See Also

Network Traffic Analysis

Start Analyzing Your Network!

Before You Begin

NTA Features and Advantages

Choosing NTA Sources

Configuring and Enabling Collection on Sources

Creating Aggregate Sources

Aggregating Sources

Grouping Traffic

Classifying Traffic by Port Number (NTA Applications)

Collector Database Maintenance

Reduce and Analyze Traffic with Advanced Filtering

Network Traffic Analysis Settings

Listener Port, Collection, and Retention Settings