Versions Compared

Old Version 4

changes.mady.by.user Andrew Grealy

Saved on

compared with

New Version 5

changes.mady.by.user Andrew Grealy

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Figure 1, “Legit Features”

Simple to Use

In the search bar type in your IP address of interest and hit enter or search. This will return information on the IP Address if has been found or no data found for the IP Address in question, or an error. Errors are if you enter invalid addresses such as non-routable addresses such as 10.0.0.1, multicast addresses, or localhost.

Beside the search bar is a copy button, that you can copy this URL and send this information to your colleague to see what you are seeing about this IP Address.

Features

Status Block

It will have whether the current address is blocked or not, which attacks has it seen, how many feeds have it as blocked, how many feeds were found, when it was first seen and when it was last seen as well as information on how many records are in this list.

GeoIP Block

This gives the GEO IP address information with a link to a possible area for this map.

IP Threat History

This is the feed history for when the IP Address in question appears.

Timeline

This shows when the IP Address in question has been added and removed from the different feeds over time.

How to use Legit in an incident

In incidents, there are a lot of times where you have a list of IP addresses and you are determining if any of them are points of interest. With Legit, you can match these IP Addresses and see if there were similar types of attacks at that same time period from that IP Address, or conversely, it’s not in the list, and help you decide the other way.

...