Currently when an identity logs in from an IP that is indicated as being part of some VPN, our only real options are to dismiss or create an Expected rule for that entire VPN. This is not ideal and we would prefer to be able to create expected rules for that single IP or a smaller range of IPs.

Sometimes (has happened to us several times recently) upon digging in, we find that an IP is simply miscategorized after being moved/purchased, and is no longer part of the reported VPN/Proxy, so it would be much better if we are able to just add that one IP which is reportedly part of the given VPN/Proxy. That way we can still be alerted of other logins from the given VPN provider.