
IPNetRecord

The IPNetRecord asset type in the OWASP Open Asset Model (OAM) represents authoritative registration data for a block of IP addresses (IPv4 or IPv6), typically retrieved from a Regional Internet Registry (RIR) via the RDAP protocol. This record captures the ownership, administrative, and organizational context of a given CIDR allocation.

  • Definition: An IPNetRecord models a registered IP network block with accompanying metadata such as handle, range, status, country, and registration dates. It mirrors RDAP responses from RIRs like ARIN, RIPE, APNIC, AFRINIC, and LACNIC.

  • Purpose: By modeling IP allocations as assets, IPNetRecord entries allow external infrastructure to be tied back to real-world entities. This is essential for attribution, provider relationships, and BGP analysis. It enables analysts to query: “Who owns this IP range?”, “What organization controls this infrastructure?”, or “Which AS announces this block?”

  • Design Choice: The IPNetRecord structure preserves key fields from RDAP while ensuring they are queryable in graph form. CIDR blocks are expressed as typed network prefixes with explicit start and end addresses. Optional fields provide additional semantics for routing origin, delegation hierarchy, and jurisdictional scope.

The IPNetRecord asset enables infrastructure attribution, jurisdictional mapping, and inter-provider analysis within the OAM graph, anchoring raw IPs and services in a meaningful real-world context.

IPNetRecord Attributes

| Attributes | Type | Required | Description |
|---|---|---|---|
| cidr | CIDR prefix | | The registered network range in CIDR notation (e.g., 192.0.2.0/24) |
| handle | string | | RIR-assigned handle for the record |
| name | string | | Name associated with the registration (e.g., organization or role) |
| type | string | | Type of allocation (e.g., ALLOCATED, ASSIGNED) |
| start_address | IP address | | First IP in the range |
| end_address | IP address | | Last IP in the range |
| created_date | string (ISO) | | Date the block was initially registered |
| updated_date | string (ISO) | | Most recent modification date |
| status | array of strings | | Optional flags such as active, allocated, legacy |
| whois_server | string | | RIR WHOIS or RDAP server used to retrieve the data |
| method | string | | Discovery method (e.g., RDAP, WHOIS) |
| country | string (ISO) | | Country code associated with the allocation (e.g., US) |
| parent_handle | string | | Handle of the parent allocation, if applicable |
| raw | string | | Raw RDAP or WHOIS response preserved for auditing |
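
An added example, not part of the OAM project's code: it maps an RDAP IP network response onto a subset of the attributes above and derives cidr from start_address and end_address, rejecting a range that is not exactly one CIDR block. The Record type, both function names and the sample response are constructed for illustration; the JSON member names are those of the RDAP IP network object in RFC 9083.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// Sample is a constructed RDAP "ip network" object (documentation addresses).
const Sample = `{"handle":"NET-EXAMPLE-1","startAddress":"192.0.2.0","endAddress":"192.0.2.255"}`

// Record is hypothetical (not OAM's struct); JSON tags are RFC 9083 member names.
type Record struct {
	CIDR         netip.Prefix `json:"-"` // derived from the range, see below
	Handle       string       `json:"handle"`
	StartAddress netip.Addr   `json:"startAddress"`
	EndAddress   netip.Addr   `json:"endAddress"`
	Raw          string       `json:"-"` // response kept verbatim for auditing
}

// RangeToPrefix returns the one prefix spanning exactly start..end, else an error.
func RangeToPrefix(start, end netip.Addr) (netip.Prefix, error) {
	s, e := start.AsSlice(), end.AsSlice()
	if !start.IsValid() || len(s) != len(e) {
		return netip.Prefix{}, fmt.Errorf("missing or mixed-family addresses")
	}
	n := 0 // count the leading bits that start and end share
	for n < len(s)*8 && (s[n/8]^e[n/8])&(0x80>>(n%8)) == 0 {
		n++
	}
	for i := n; i < len(s)*8; i++ {
		s[i/8] |= 0x80 >> (i % 8) // set host bits: s becomes the block's last address
	}
	p := netip.PrefixFrom(start, n)
	if hi, _ := netip.AddrFromSlice(s); p.Masked().Addr() != start || hi != end {
		return netip.Prefix{}, fmt.Errorf("%s-%s is not one CIDR block", start, end)
	}
	return p, nil
}

// FromRDAP decodes the response and fills the derived cidr attribute.
func FromRDAP(raw []byte) (r Record, err error) {
	if err = json.Unmarshal(raw, &r); err == nil {
		r.Raw = string(raw)
		r.CIDR, err = RangeToPrefix(r.StartAddress, r.EndAddress)
	}
	return r, err
}

func main() { fmt.Println(FromRDAP([]byte(Sample))) }
```

A registry range that does not align to a single prefix (for example 192.0.2.0 to 192.0.2.191) returns an error here, so the caller has to decide how to represent it rather than silently storing a wider block.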

IPNetRecord Properties

| Property Type | Property Name | Description |
|---|---|---|
| SimpleProperty | last_monitored | Timestamp of the last time this record was updated or verified |
| SourceProperty | Source Plugin Name | Indicates which data source retrieved the registration |

IPNetRecord Outgoing Relations

```mermaid
graph TD
    iprec["IPNetRecord (192.0.2.0/24)"]
    whois["FQDN"]
    whoisRel@{ shape: braces, label: "whois_server" }
    iprec --o whoisRel
    whoisRel --> whois

    contact["ContactRecord"]
    contactrel@{ shape: braces, label: "registrant
admin_contact
abuse_contact
technical_contact" }
    iprec --o contactrel
    contactrel --> contact

    url["URL"]
    urlRel@{ shape: braces, label: "rdap_url" }
    iprec --o urlRel
    urlRel --> url
```

| Relation Type | Relation Label | Target Assets | Description |
|---|---|---|---|
| SimpleRelation | whois_server | FQDN | Links the netblock registration information with the correct WHOIS server |
| SimpleRelation | registrant | ContactRecord | Links the netblock registration information with registrant contact information |
| SimpleRelation | admin_contact | ContactRecord | Links the netblock registration information with admin contact information |
| SimpleRelation | abuse_contact | ContactRecord | Links the netblock registration information with contact information for abuse reporting |
| SimpleRelation | technical_contact | ContactRecord | Links the netblock registration information with contact information of technical personnel |
| SimpleRelation | rdap_url | URL | Links the netblock registration information to its associated web page |

© 2025 Jeff Foley — Licensed under Apache 2.0.