IP Groups allow you to create re-usable collections of IP addresses and/or CIDR blocks across multiple tCell features as well as multiple tCell applications.
You can also use the API to add, delete, and list IP Groups and IP Group items. Test the IP Groups APIs here.
The following features support selecting by IP Group:
Advanced blocking rules
Suspicious Actors allowlisting
App Firewall event filtering*
*Contact your Rapid7 Customer Success rep to request the ability to filter App Firewall events. For more information, see Firewall Event Filtering (Event Excluding).
To create an IP group, click on the Admin tab at the top of the tCell web UI, and select the IP Group item. IP Groups consist of a name and a list of IP addresses and/or CIDR blocks.
The IP Group name is effectively also its ID. As a result, IP Groups cannot be renamed while in use by application policies. Try to choose a name that will be meaningful to other staff before putting it into use.
Entries in an IP Group can be changed at any time, and changes are typically reflected in live agents in a minute or less. Very long lists of IP addresses incur some additional matching cost during live HTTP requests, so test for performance impact if you are introducing a very large number of entries into your IP Groups.
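The following is an added example, not part of the tCell product or its API: an offline Python helper that validates candidate entries and collapses overlapping or adjacent ranges before they are put into an IP Group, so that a large list carries no redundant entries into request-time matching. The function name and the sample entries are constructed for illustration, and it assumes entries are plain IPv4/IPv6 addresses or CIDR blocks.

```python
import ipaddress

def normalize_ip_group(entries):
    """Validate and minimize IP/CIDR strings (hypothetical helper, not a tCell API).

    Returns (collapsed, rejected). `collapsed` is the shortest list of
    addresses/CIDR blocks covering exactly the same addresses as the valid
    input; `rejected` holds entries that failed validation.
    """
    nets = {4: [], 6: []}
    rejected = []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):  # skip blanks and comment lines
            continue
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.0.0.5/24),
            # which is usually a typo rather than the intended range.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError:
            rejected.append(text)
            continue
        nets[net.version].append(net)

    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix IP versions
        for net in ipaddress.collapse_addresses(nets[version]):
            single = net.prefixlen == net.max_prefixlen
            collapsed.append(str(net.network_address) if single else str(net))
    return collapsed, rejected

# Constructed sample entries (documentation address ranges only).
SAMPLE = [
    "203.0.113.0/25",
    "203.0.113.128/25",  # adjacent to the previous block: merges into a /24
    "203.0.113.17",      # already covered by the merged /24
    "198.51.100.4",
    "198.51.100.5",      # .4 and .5 merge into a /31
    "2001:db8::/32",
    "2001:db8:1::1",     # covered by the /32
    "10.0.0.5/24",       # host bits set: rejected
    "not-an-ip",         # rejected
]

if __name__ == "__main__":
    kept, bad = normalize_ip_group(SAMPLE)
    print(f"{len(SAMPLE)} entries in, {len(kept)} out: {kept}")
    print(f"rejected: {bad}")
```

Review the rejected list by hand before saving the group; a mistyped CIDR that is silently dropped or widened changes which clients a blocking or allowlisting rule applies to.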