Applying Whitelist Policies | Best Practices

In This Article


A whitelist policy allows you to define a list of IP addresses allowed to communicate with hosts in an Alert Logic® Threat Manager™ protected network. Whitelists help ensure you do not use resources monitoring permitted communication.

Whitelists can be created and then applied to agents and span ports/networks in the Alert Logic console.

Applying a Whitelist Policy to an Agent

Once a whitelist policy is created, the whitelist policy must be assigned to an assignment policy/appliance. The assignment policy then applies the whitelist policy to the agents with that particular assignment policy, and therefore will stop the agent sending the traffic to the appliance.

For procedures on creating a whitelist policy and assigning the policy to an appliance, refer to our Whitelist policies documentation. 

Applying a Whitelist Policy to a Span Port/Network

Once a whitelist policy is created, the whitelist policy must be added to a monitoring policy. With this setup, the traffic is dropped when received via a span port and therefore will not be sent to the appliance.

For a procedure on creating a whitelist policy, refer to Create a whitelist policy.

For a procedure on creating a monitoring policy, refer to Create a monitoring policy. Step 7 in this procedure describes how to assign a whitelist policy to the monitoring policy.

Additional Information

For more information about whitelist policies and other Threat Manager policies, refer to our Threat Manager Policies documentation. 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.