There will be occasions where you have an IP address you need to track down but you don't necessarily know what cloud environment, cloud account or possibly even what cloud vendor is hosting the problem resource.
Maybe the IP address has cropped up in a security alert, or is causing load or traffic issues.
Needless to say, you need to track down how and where the errant IP address is being used and also get some context around the resources and connections involved.
Traditionally this could be a major undertaking, especially if you are managing hundreds of cloud accounts or have no up to date CMDB database or documentation.
If you had the foresight to connect your cloud accounts to Hava you will be able to find the IP address in seconds, as well as identify the resource it belongs to, the architecture it is running in and the vendor cloud account hosting it.
How to locate an IP Address using Hava
In the top menu bar type IP: and the IP address to search for.
Hava will then search through all your connected cloud accounts and return any matches in the form of a custom diagram.
The returned custom diagram shows us an m4.large AWS EC2 Instance, the subnet and the VPC the instance is running in.
Finding connections to a cloud resource found via IP address search
You can get a little more context around the IP address you are tracking down by utilising the Deep Search operator prefix. By adding the @ sign in front of IP: the returned diagram will also show you any resources connected to the resources matching your IP search.
Now we can see two elastic load balancers connected to our resource along with another availability zone serviced by one or both of the ELBs on the interactive diagram.
This is still just a subset of the VPC our target EC2 instance is running in. To get the full context behind it you can go and view the complete VPC.
The full VPC name is displayed on the bottom right of the VPC depicted as green rectangle, which you can also click to change the attribute pane to display the VPC details
Now you can return to the Environments Dashboard and search for the VPC name you have identified in the custom diagram, in this instance it is called demo-vpc
You can now open the returned full VPC or virtual network diagram to see the full context surrounding the resource you identified with the IP search.
Search for Cloud Resources by Partial IP Wildcard
In the above example we searched for a cloud resource using a complete private IP address ie 10.20.5.78
You an use a wildcard * in your IP search to return other subnets or devices that also match, so for instance 10.20.*.* will return a wider selection of resources like everything in the 10.20.4 and 10.20.0 subnets.
So that's a quick look at using Hava Custom Search using the IP: search parameter.
You can also search using other parameters like:
- region: - everything running in a specific region
- id: - all resources with this id
- name: - all resources with the matching name tag
- vpc: - matching VPC ids (GCP & AWS)
- subnet: - everything in the nominated subnet
- virtual_network: - everything in the nominated Microsoft Azure virtual network
- resource_group: - everything in this Azure resource group
- project: - everything in this GCP project
- type: - matching resource types (ie AWS S3 Buckets)
- source: - everything in the specified data source (cloud account)
you can stack search criteria using and/or operators
you may use brackets, negatives to make quite complex search commands that enable you to pinpoint exactly what you are looking for while excluding the resources you are not interested in viewing on your custom view.
If you are not currently using Hava, you can learn more here:
