Public Accessibility Allow List
Some of your network resources may be deliberately accessible from the public internet. As such, you may not want these resources to be flagged as non-compliant for the Compute Instance Open To The Public Insight (and Instance Open To The Public Query Filter). To avoid unnecessarily flagging additional Insights and increasing your risk score, you need to update the Public Accessibility Allow List. Domain Admins can add allow list entries for Classless Inter-Domain Routing (CIDR) blocks of IP addresses (IPv4 or IPv6) or domain names. You can also add values in bulk using a CSV file.
Public accessibility only determined by Compute Instance Open To The Public Insight
Though there are other similar Insights that track public accessibility for specific resources (for example: Data Stream Publicly Accessible (Azure) and Container Registry Open to the Public), InsightCloudSec calculates public accessibility based on the Compute Instance Open To The Public Insight (and Instance Open To The Public Query Filter).
Adding or managing single CIDR blocks or domains
To add a value:
- Log in to InsightCloudSec as a Domain Admin.
- Navigate to Settings > System Administration > Public Accessibility.
- Choose which value type to add:
  - For adding a CIDR block, click IP Allow List.
  - For adding a domain, click Domain Allow List.
- Click Add > Add Value.
- Provide a value and an optional description. For domains, you also need to provide an operator.
- Click Save.
To edit a value:
- Log in to InsightCloudSec as a Domain Admin.
- Navigate to Settings > System Administration > Public Accessibility.
- Choose which value type to edit:
  - For a CIDR block, click IP Allow List.
  - For a domain, click Domain Allow List.
- Click the Action menu (...) > Edit Value next to the value you want to edit.
- Adjust the values or description as necessary.
- Click Save.
To delete a value:
- Log in to InsightCloudSec as a Domain Admin.
- Navigate to Settings > System Administration > Public Accessibility.
- Choose which value type to delete:
  - For a CIDR block, click IP Allow List.
  - For a domain, click Domain Allow List.
- Click the Action menu (...) > Delete Value next to the value you want to delete.
- Click Delete to confirm the deletion.
Adding or managing multiple CIDR blocks or domains
You can add multiple allow list values at the same time using a CSV file, but it needs to follow a specific format. If you are adding CIDR blocks, your comma-separated values need the following format: `<CIDR block>,<notes>`. For example, `10.10.1.0/24,my first subnet`. If you are adding domains, your comma-separated values need the following format: `<domain>,<operation>,<notes>`. For example, `my-domain,startswith,all of my-domain`. The following is an example CSV:

```csv
domain,op,notes
gcp-compute-instance,startswith,gcp-compute-instance.dns-zone.rapid7.com
eastus2.cloudapp.azure.com,equals,eastus2.cloudapp.azure.com
id-id2.elb.us-east-2.amazonaws.com,equals,"Instance"
id.us-east-2.compute.internal
NIC
ec2-id.us-east-2.compute.amazonaws.com
LB
id1-id2.elb.us-east-2.amazonaws.com"
test.com,endswith,test desc
```
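A pre-import check for the two CSV formats described above, as an added example that is not part of the original documentation or of InsightCloudSec. The function names are hypothetical, the operator set is only what appears in this page's example CSV, the prefix-length thresholds are assumed review limits, and the sample rows are constructed.

```python
import csv
import io
import ipaddress

# Operators seen in this page's example CSV; the product may accept others
# (assumption), so extend this set to match your deployment.
KNOWN_OPS = {"startswith", "equals", "endswith"}
# Assumed review thresholds: blocks wider than these are flagged for review.
MIN_PREFIX = {4: 16, 6: 32}

# Constructed sample input (not real allow-list data).
IP_SAMPLE = "10.10.1.0/24,my first subnet\n10.10.1.5/24,typo\n0.0.0.0/0,everything\n"
DOMAIN_SAMPLE = "domain,op,notes\ntest.com,endswith,test desc\nexample.org,contains,bad op\n"


def check_ip_csv(text):
    """Check <CIDR block>,<notes> rows. Returns [(line_number, problem), ...]."""
    problems = []
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        if not row:
            continue  # blank line
        if len(row) != 2:
            problems.append((reader.line_num, "expected <CIDR block>,<notes>"))
            continue
        try:
            # strict=True rejects entries such as 10.10.1.5/24 (host bits set)
            net = ipaddress.ip_network(row[0].strip(), strict=True)
        except ValueError as exc:
            problems.append((reader.line_num, f"invalid CIDR: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            problems.append((reader.line_num, f"broad block {net}: review"))
    return problems


def check_domain_csv(text):
    """Check <domain>,<operation>,<notes> rows. Returns [(line_number, problem), ...]."""
    problems = []
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        cells = [c.strip() for c in row]
        if not cells or cells == ["domain", "op", "notes"]:
            continue  # blank line or the header row used in the page's example
        if len(cells) != 3:
            problems.append((reader.line_num, "expected <domain>,<operation>,<notes>"))
        elif cells[1] not in KNOWN_OPS:
            problems.append((reader.line_num, f"unknown operator {cells[1]!r}"))
    return problems
```

An allow-listed block such as 0.0.0.0/0 would exempt every address from the Insight, which is why broad entries are reported for review rather than silently accepted.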
To add multiple values (`.csv` file upload):
- Log in to InsightCloudSec as a Domain Admin.
- Navigate to Settings > System Administration > Public Accessibility.
- Choose which value type to add:
  - For adding multiple CIDR blocks, click IP Allow List.
  - For adding multiple domains, click Domain Allow List.
- Click Add > Import CSV.
- Click Choose File. A local file browser opens.
- Select a local `.csv` file and then click Open.
- Click Import.
To delete multiple values:
- Log in to InsightCloudSec as a Domain Admin.
- Navigate to Settings > System Administration > Public Accessibility.
- Choose which value type to delete:
  - For a CIDR block, click IP Allow List.
  - For a domain, click Domain Allow List.
- Select the checkbox next to the values you want to delete.
- Click Delete to confirm the deletion.