Public Accessibility Allow List

Some of your network resources may be deliberately accessible from the public internet. As such, you may not want these resources to be flagged as non-compliant for the Compute Instance Open To The Public Insight (and Instance Open To The Public Query Filter). To avoid unnecessarily flagging additional Insights and increasing your risk score, you need to update the Public Accessibility Allow List. Domain Admins can add allow list entries for Classless Inter-Domain Routing (CIDR) blocks of IP addresses (IPv4 or IPv6) or domain names. You can also add values in bulk using a CSV file.

Public accessibility only determined by Compute Instance Open To The Public Insight

Though there are other similar Insights that track public accessibility for specific resources (for example: Data Stream Publicly Accessible (Azure) and Container Registry Open to the Public), InsightCloudSec calculates public accessibility based on the Compute Instance Open To The Public Insight (and Instance Open To The Public Query Filter).

Adding or managing single CIDR blocks or domains

To add a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to add:
    1. For adding a CIDR block, click IP Allow List.
    2. For adding a domain, click Domain Allow List.
  4. Click Add > Add Value.
  5. Provide a value and an optional description. For domains, you also need to provide an operator.
  6. Click Save.

To edit a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to edit:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Click the Action menu (...) > Edit Value next to the value you want to edit.
  5. Adjust the values or description as necessary.
  6. Click Save.

To delete a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to delete:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Click the Action menu (...) > Delete Value next to the value you want to delete.
  5. Click Delete to confirm the deletion.
Adding or managing multiple CIDR blocks or domains

You can add multiple allow list values at the same time using a CSV file, but it needs to follow a specific format. If you are adding CIDR blocks, your comma-separated values need the following format: <CIDR block>,<notes>. For example, 10.10.1.0/24,my first subnet. If you are adding domains, your comma-separated values need the following format: <domain>,<operation>,<notes>. For example, my-domain,startswith,all of my-domain. The following is an example CSV:

csv
1
domain,op,notes
2
gcp-compute-instance,startswith,gcp-compute-instance.dns-zone.rapid7.com
3
eastus2.cloudapp.azure.com,equals,eastus2.cloudapp.azure.com
4
id-id2.elb.us-east-2.amazonaws.com,equals,"Instance"
5
id.us-east-2.compute.internal
6
NIC
7
ec2-id.us-east-2.compute.amazonaws.com
8
LB
9
id1-id2.elb.us-east-2.amazonaws.com"
10
test.com,endswith,test desc

To add multiple values (.csv file upload):

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to add:
    1. For adding multiple CIDR blocks, click IP Allow List.
    2. For adding multiple domains, click Domain Allow List.
  4. Click Add > Import CSV.
  5. Click Choose File. A local file browser opens.
  6. Select a local .csv file and then click Open.
  7. Click Import.

To delete multiple values:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to delete:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Select the checkbox next to the values you want to delete.
  5. Click Delete to confirm the deletion.