SEKOIA.IO recently added IP addresses of Tor guard nodes to our observables. It is almost 4,200 IP addresses per day that are now enriched with the tag "tor:guard" and can be found in the Intelligence Center in the [Observables page](https://app.sekoia.io/intelligence/observables). Tor guard nodes are entry nodes for the Tor network. This new tag helps to better understand and qualify your network logs. With this new tag and the dedicated detection rule "TOR usage" available in our catalog in the Operation Center (XDR), you can see when an equipment from your perimeter is connecting to the Tor network.  Related resource: * [List of IP addresses related to Tor guard nodes](https://onionoo.torproject.org/summary?limit=10000&flag=guard&running=true)