Deny or allow IP addresses

Manage IP policy in your organization with denylists, allowlists (trusted hosts) and source names. Organization Administrators and RulesAdmins can go to User menu > Policy Management > IP Management to create and manage your preferences.

  • IP denylists: Set rules to block IP addresses. This is appropriate for immediate triage until you can put a more permanent Protect policy in place or conduct an investigation.

  • IP allowlists: Mark trusted hosts conducting internal vulnerability scans as safe. Keep Contrast free from non-attack data. Allowing an IP disables the Protect features of Contrast for this IP (or range), including blocking and reporting. Assess features remain unaffected, and continue to function as normal. Data for allowlisted IP addresses does not appear in Contrast.

  • Source names: Label attack events caused by known sources, such as pen testers, based on one or more IP addresses or subnet masks. When you view attacks in the Attacks > Monitor and Attack Details pages, Contrast displays the source name instead of the attacker's IP information. This allows you to quickly identify and differentiate expected events from attack events that need your attention.