Skip to main content
Whitelist

You can whitelist source IP's to ignore any detections from monitoring tools, false positives or self generated traffic.

Updated over 10 months ago

Most companies have additional security measures in their network besides our Honeypot. Those solutions may scan the network for hosts and open ports. This may trigger your Honeypot to alert about unwanted activity. There are other sources which may trigger "false positives". You can whitelist these sources to ignore their activity.

Always check the source of a detection before whitelisting! The source may seem legitimate or unharmful but you may want to check if you want the source to be able to reach your Honeypot.

We also recommend to only whitelist the ports you expect to receive detections from with your Honeypot. You will not receive detections when you have whitelisted all ports of a source in case the source gets hacked.

Quick whitelist

You can whitelist a source quickly with our "Whitelist" button when you view a detection. This button will whitelist the source IP combined with destination Port.

Screenshot+2020-03-17+at+11.54.43.png?expires=1621411375&signature=a779c37019ff8b8d9ab8423d6e37ca8fa5e436ae00e3b3e2104a4137ff915a9a
Screenshot+2020-03-17+at+11.53.58.png?expires=1621411375&signature=a0f49d00a569b910dbf77b5d318dde8a471240871663c905c81a70bf1c3960f6

Manual whitelist

It is also possible to manually add source IP's and destination Ports to your whitelist. Go to the SecurityHive Portal, click "Organization" and click "Whitelisting". You can add a whitelist record by clicking "Add Record".

Source IP: enter the IP-address of the host you want to ignore.
โ€‹Destination Port: enter the port (example: 80), portrange (example: 22-443) or wildcard (*) you want to ignore (this applies to detections from the Source IP on Ports on the Honeypot).
โ€‹Comment: add a comment to let others in your organization know why you whitelisted this source.

Screenshot+2020-03-17+at+11.56.41.png?expires=1621411375&signature=aaaf6dafb4f741d67cc7c9e2f7e9b10edfef81179018801e7e665e00120a5734

Did this answer your question?