A whitelist policy allows you to define a list of IP addresses allowed to communicate with network intrusion detection system (IDS) protected network. Whitelists help ensure you do not exhaust resources monitoring permitted communication. Utilize the following information to create, assign, update, or delete assignment policies.
Note: The following information applies only to those customers who have Alert Logic® Cloud Defender™ or Alert Logic Threat Manager™ entitlements.
Note: This information and more can also be found within Alert Logic Product Documentation.
Create a Whitelist Policy
Network IDS allows you to create whitelist policies and assign them to an appliance. Create a whitelist policy using the following steps in the Alert Logic console:
- Navigate to Configuration > Network IDS > Policies.
- Click Whitelist.
- Click the yellow Add icon.
- In the Host Name field, type a name for the whitelist policy.
- Select Enabled to enable the whitelist configuration upon saving.
Note: You are not required to immediately enable the whitelist policy. You can create whitelist policies and enable them later. - Create one or more rules by entering information for the following fields: Protocol, CIDR, and Port.
- Click Save.
Note: To activate the whitelist policy, you must assign it to an appliance.
Assign a Whitelist Policy
Network IDS allows you to assign a saved whitelist policy to an appliance. Assign a whitelist policy using the following steps in the Alert Logic console:
- Navigate to Configuration > Network IDS > Policies.
- Click Assignment.
- In the list of policies, click on the pencil icon for the appliance to which you would like to assign a whitelist policy.
- Select a whitelist from the Select a whitelist drop-down list.
- Click Save.
Note: You can also add whitelist policies to monitoring policies.
Edit a Whitelist Policy
Network IDS allows you to edit existing whitelist policies. Edit a whitelist policy using the following steps in the Alert Logic console:
- Navigate to Configuration > Network IDS > Policies.
- Click Whitelist.
- In the list of whitelists, click the pencil icon for the whitelist you want to edit.
- Enter a new name in the Host Name field.
- Toggle the Enabled switch to activate or deactivate the whitelist.
- Create one or more rules by entering information for the following fields: Protocol, CIDR, and Port.
Note: A whitelist policy may contain more than one rule. - Click Save.
Delete a Whitelist Policy
Network IDS allows you to delete whitelist policies. Delete a whitelist policy using the following steps in the Alert Logic console:
- Navigate to Configuration > Network IDS > Policies.
- Click Whitelist.
- Click the trash icon to the right of the whitelist policy you want to delete.
- Click Delete.
Comments
0 comments
Please sign in to leave a comment.