Manage IP policy in your organization with blacklists, whitelists (trusted hosts) and source names. Users with Organization Admin and Rules Admin permissions can go to the user menu > Policy Management > IP Management tab to create and manage your preferences.
Use source names to quickly identify non-threatening internal traffic and testing while monitoring attack events in your organization.
Source names allow you to label one or more IP addresses and/or subnet masks with a display name of your choice. To create a source name, all you need is the IP information you want to mark and a unique name you'll recognize in the Contrast UI. Once the source name is saved, Contrast displays it in the Attacks > Monitor page as well as the Attacks Details page instead of the user's IP information. You and other users in your organization can then quickly identify the named attacker as a known source when assessing attack events.
To set up source names, go to the user menu > Policy Management > IP Management page, and select the Source Names tab. Click the button to Add Source Name. In the Add Source Name form, complete the following fields:
Once a source name is added in your organization, it appears in the grid in the Source Names tab. Use the search field above the grid to find a grouping by source name or IP address.
For more information about using source names to view attackers and attack events, see Monitor Attacks.
To edit a source name, click on the name in the Source Names grid. Use the Edit Source Name form to update the necessary fields. Once you're finished making changes, select the Save button.
When a source name is updated, the UI reflects the changes for all applicable attack events. If you change the IP information or time criteria for the name, and some events no longer qualify, the name is removed from the events and replaced with the IP information.
To delete a source name, you can select the source name, and click on the trashcan icon below the Edit Source Name form. You can also select the trashcan icon in the Source Names grid.
Once the name is deleted, all references to the name are replaced with the IP information in the UI.
If the data reported for an attack event matches more than one source name, Contrast applies the name that you updated most recently.