Public Accessibility Allow List

Some of your Instance resources (such as AWS EC2 or Azure Virtual Machines) may be deliberately accessible from the public internet, and as such, you may not want them flagged as non-compliant. To prevent flagging Insights and increasing your risk score, you need to update the Public Accessibility Allow List. Domain Admins can add allow list entries for Classless Inter-Domain Routing (CIDR) blocks of IP addresses (IPv4 or IPv6) or domain names. You can also bulk-add entries using a CSV file.

⚠️

Public Accessibility Allow List support

The Public Accessibility Allow List can only override public accessibility status for the Instance resource type. InsightCloudSec calculates public accessibility for Instances using the Compute Instance Open To The Public Insight (and Instance Open To The Public Query Filter). To determine if another resource type is publicly accessible, view Assess public accessibility.

Adding or managing single CIDR blocks or domains

To add a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to add:
    1. For adding a CIDR block, click IP Allow List.
    2. For adding a domain, click Domain Allow List.
  4. Click Add > Add Value.
  5. Provide a value and an optional description. For domains, you also need to provide an operator.
  6. Click Save.

To edit a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to edit:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Click the Action menu (…) > Edit Value next to the value you want to edit.
  5. Adjust the values or description as necessary.
  6. Click Save.

To delete a value:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to delete:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Click the Action menu (…) > Delete Value next to the value you want to delete.
  5. Click Delete to confirm the deletion.

Adding or managing multiple CIDR blocks or domains

You can add multiple allow list values at the same time using a CSV file, but it needs to follow a specific format. If you are adding CIDR blocks, your comma-separated values need the following format: <CIDR block>,<notes>. For example, 10.10.1.0/24,my first subnet. If you are adding domains, your comma-separated values need the following format: <domain>,<operation>,<notes>. For example, my-domain,startswith,all of my-domain. The following is an example CSV:

domain,op,notes
gcp-compute-instance,startswith,gcp-compute-instance.dns-zone.rapid7.com
eastus2.cloudapp.azure.com,equals,eastus2.cloudapp.azure.com
id-id2.elb.us-east-2.amazonaws.com,equals,"Instance"
id.us-east-2.compute.internal
NIC
ec2-id.us-east-2.compute.amazonaws.com
LB
id1-id2.elb.us-east-2.amazonaws.com"
test.com,endswith,test desc

To add multiple values (.csv file upload):

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to add:
    1. For adding multiple CIDR blocks, click IP Allow List.
    2. For adding multiple domains, click Domain Allow List.
  4. Click Add > Import CSV.
  5. Click Choose File. A local file browser opens.
  6. Select a local .csv file and then click Open.
  7. Click Import.

To delete multiple values:

  1. Log in to InsightCloudSec as a Domain Admin.
  2. Navigate to Settings > System Administration > Public Accessibility.
  3. Choose which value type to delete:
    1. For a CIDR block, click IP Allow List.
    2. For a domain, click Domain Allow List.
  4. Select the checkbox next to the values you want to delete.
  5. Click Delete to confirm the deletion.