Block or allow IP addresses

Manage IP policy in your organization with blocklists, allowlists (trusted hosts) and source names. Organization Administrators and RulesAdmins can go to User menu > Policy Management > IP Management to create and manage your preferences.

  • IP blocklists allow you to put rules in place to distrust IP addresses, which are then considered to be unacceptable. This is appropriate for immediate triage until you can put a more permanent Protect policy in place or conduct an investigation.

  • IP allowlists let you mark trusted hosts conducting internal vulnerability scans as safe to avoid polluting Contrast with non-attack data. This disables Protect features of Contrast for this IP (or range), including blocking and reporting. Assess features remain unaffected, and continue to function as normal. Data for allowlisted IP addresses does not appear in Contrast.

  • Source names allow you to label attack events caused by known sources, such as pen testers, based on one or more IP addresses or subnet masks. When you view attacks in the Attacks > Monitor and Attack Details pages, Contrast displays the source name instead of the attacker's IP information. This allows you to quickly identify and differentiate expected events from attack events that need your attention.