In This Article
- Applying a Whitelist Policy to an Agent
- Applying a Whitelist Policy to a Span Port/Network
- Additional Information
A whitelist policy allows you to define a list of IP addresses allowed to communicate with hosts in an Alert Logic® Threat Manager™ protected network. Whitelists help ensure you do not use resources monitoring permitted communication.
Whitelists can be created and then applied to agents and span ports/networks in the Alert Logic user interface (UI).
Once a whitelist policy is created, the whitelist policy must be assigned to an assignment policy/appliance. The assignment policy then applies the whitelist policy to the agents with that particular assignment policy, and therefore will stop the agent sending the traffic to the appliance.
For procedures on creating a whitelist policy and assigning the policy to an appliance, refer to our Whitelist policies documentation.
Once a whitelist policy is created, the whitelist policy must be added to a monitoring policy. With this setup, the traffic is dropped when received via a span port and therefore will not be sent to the appliance.
For a procedure on creating a whitelist policy, refer to Create a whitelist policy.
For a procedure on creating a monitoring policy, refer to Create a monitoring policy. Step 7 in this procedure describes how to assign a whitelist policy to the monitoring policy.
For more information about whitelist policies and other Threat Manager policies, refer to our Threat Manager Policies documentation.