IPAM - Alert Notification when an IP address is added/deleted

PCI auditors are requiring that an alert notification be sent to Security every time a new IP address is used in a PCI subnet in IPAM.

Level 8

This is a good feature that is required and needed for any audit.

Pretty much any alert can be done by doing a custom SWQL alert, but you need to define what you're doing a bit better. I haven't been working with IPAM much for a while, but I'm not familiar with anything that flags a subnet as a "PCI Subnet". Are you using IP Groups alone, or IP groups with a Custom Property attached to signify that something is a PCI subnet? Or haven't you started doing this yet?

Once that's defined, it's then a matter of structuring a query to find any new or changed IP info that has that flag set. I'm guessing you'd do a query against the IPAM.IPNodeWithHistory table for anything that changed recently. Might be a better table to use though, just making a guess...

Level 9

Thank you for bringing this up, it will be a good feature if we can add this event on Alert or create a canned alert for it.


Product Manager
It's been a while since I have worked with IPAM but the following may be of interest