Most companies have additional security measures in their network besides our Honeypot. Those solutions may scan the network for hosts and open ports, which may trigger your Honeypot to alert about unwanted activity. Other sources may also trigger "false positives". You can whitelist these sources to ignore their activity.
Always check the source of a detection before whitelisting! The source may seem legitimate or harmless, but you should still decide whether you want it to be able to reach your Honeypot.
We also recommend whitelisting only the ports you expect to receive detections from with your Honeypot. If you whitelist all ports of a source, you will not receive detections in case that source gets hacked.
Quick whitelist
You can whitelist a source quickly with our "Whitelist" button when you view a detection. This button will whitelist the source IP combined with the destination Port.
Manual whitelist
It is also possible to manually add source IPs and destination Ports to your whitelist. Go to the SecurityHive Portal, click "Organization" and click "Whitelisting". You can add a whitelist record by clicking "Add Record".
Source IP: enter the IP address of the host you want to ignore.
Destination Port: enter the port (example: 80), port range (example: 22-443) or wildcard (*) you want to ignore (this applies to detections from the Source IP on Ports on the Honeypot).
Comment: add a comment to let others in your organization know why you whitelisted this source.
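To review a whitelist against the recommendations above, the following added example (not SecurityHive's code) models a record as Source IP plus Destination Port, shows which detections a record would silence, and flags records that are too broad or have no comment. The matching logic, the field names, the `max_ports` threshold and the sample records are assumptions made for illustration.

```python
import ipaddress

def parse_ports(spec):
    """Turn a Destination Port value (80, 22-443 or *) into an inclusive range."""
    spec = spec.strip()
    if spec == "*":
        return (0, 65535)
    low, _, high = spec.partition("-")
    low = int(low)
    high = int(high) if high else low
    if not (0 <= low <= high <= 65535):
        raise ValueError(f"invalid port spec: {spec!r}")
    return (low, high)

def is_whitelisted(records, src_ip, dst_port):
    """True if a record matches the detection's source IP and destination port."""
    src = ipaddress.ip_address(src_ip)
    for rec in records:
        low, high = parse_ports(rec["port"])
        if ipaddress.ip_address(rec["source_ip"]) == src and low <= dst_port <= high:
            return True
    return False

def audit(records, max_ports=10):
    """Flag records covering more than max_ports ports or lacking a comment."""
    findings = []
    for rec in records:
        low, high = parse_ports(rec["port"])
        if high - low + 1 > max_ports:
            findings.append((rec["source_ip"], rec["port"], "broad port scope"))
        if not rec.get("comment", "").strip():
            findings.append((rec["source_ip"], rec["port"], "missing comment"))
    return findings

# Constructed sample records (documentation address range 192.0.2.0/24).
RECORDS = [
    {"source_ip": "192.0.2.10", "port": "80", "comment": "internal scanner, HTTP check"},
    {"source_ip": "192.0.2.20", "port": "*", "comment": ""},
    {"source_ip": "192.0.2.30", "port": "22-443", "comment": "monitoring"},
]

if __name__ == "__main__":
    # A record scoped to port 80 still lets a detection on port 22 through.
    print(is_whitelisted(RECORDS, "192.0.2.10", 22))
    # A wildcard record silences every port for that source.
    print(is_whitelisted(RECORDS, "192.0.2.20", 3389))
    for finding in audit(RECORDS):
        print(finding)
```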