Putting IP Addresses on Blacklists or Whitelists
Add an IP address to a blacklist to automatically generate an alert when the IP address is detected, or add an IP address to a whitelist to suppress alerts when it is detected.
Oracle CASB Cloud Service ingests information about suspicious IP addresses from external threat feeds. These are listed in the Configuration section of the console, Manage IP Addresses page. In addition to discovering suspicious IP addresses from third parties, Oracle CASB Cloud Service can monitor for specific IP addresses and address ranges, and either whitelist or blacklist them.
-
Blacklisting: Oracle CASB Cloud Service creates threat alerts when it detects access from these IP addresses or address ranges.
-
Whitelisting: Oracle CASB Cloud Service never creates threat alerts when it detects one of these IP addresses or address ranges.
You can apply blacklisting and whitelisting universally or restrict it to particular application instances.
Exceptions to this functionality:
-
Office 365. You currently can't whitelist IP addresses that access Office 365 Exchange.
You can also designate trusted IP addresses and users that are to be excluded from consideration by the threat engine and user behavior analytics. For this functionality, you provide the information about the trusted entities directly to Oracle CASB Cloud Service.
Note:
You can control automatic whitelisting of trusted network addresses by selecting or deselecting the Allow Oracle CASB to automatically whitelist trusted network addresses check box - above the Blacklist and Whitelist tabs.
-
The IP address is not associated with any Tor network, botnet command and control server, or terrorist organization or state sponsor of terrorism as defined by the United States Department of State.
-
The top level domain linked to an IP Address and or CIDR block is owned or leased from a known cloud services or infrastructure provider (for example, AWS, Office 365, or Oracle Cloud Infrastructure).
-
The networking address is owned or leased by your organization.
-
The entry and exit ASN (autonomous system number) in the traceroute are owned by a reputable company.
-
Select Configuration, Manage IP addresses from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
-
Select the tab for in which you want to search for IP addresses.
-
Click the Search icon and enter text to search for.
Note:
Text can appear in any field in the IP address record.