IP Groups let you create reusable collections of IP addresses and/or CIDR blocks that can be shared across multiple tCell features and multiple tCell applications.
The following features support selecting by IP Group:
- Advanced blocking rules
- Suspicious Actors allowlisting
- App Firewall event filtering*
*Contact your Rapid7 Customer Success rep to request the ability to filter App Firewall events. For more information, see Firewall Event Filtering (Event Excluding).
You can also block groups of IPs by country without having to identify individual IP addresses or IP Groups. For more information, see Blocking Rules.
Create IP Groups
Entries in an IP Group can be changed at any time, and changes are typically reflected in live agents in a minute or less. Very long lists of IP addresses incur some additional matching cost during live HTTP requests, so test for performance impact if you are introducing a large number of entries into your IP Groups.
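One way to keep a list short before entering it, shown as an added example (not Rapid7 code and not part of tCell): validate candidate entries and collapse them to the fewest equivalent IP/CIDR entries with Python's standard `ipaddress` module. The function name `normalize_entries` and the sample addresses are constructed for illustration.

```python
import ipaddress

def normalize_entries(raw_entries):
    """Validate and compact IP/CIDR strings before adding them to an IP Group.

    Returns (entries, rejected): entries is the smallest list of IP/CIDR
    strings covering the same addresses; rejected holds (input, reason) pairs.
    """
    by_version = {4: [], 6: []}
    rejected = []
    for raw in raw_entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments in a pasted list
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 192.0.2.10/24),
            # which usually means a typo rather than an intended range.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        by_version[net.version].append(net)

    entries = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        # Merges duplicates, ranges contained in others, and adjacent blocks.
        for net in ipaddress.collapse_addresses(by_version[version]):
            single = net.num_addresses == 1
            entries.append(str(net.network_address) if single else str(net))
    return entries, rejected

# Constructed sample input using documentation address ranges.
SAMPLE = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the block above: merges into a /24
    "198.51.100.17",       # already covered by the merged /24
    "203.0.113.7",
    "203.0.113.7",         # duplicate
    "192.0.2.10/24",       # host bits set: rejected for review
    "not-an-ip",           # malformed: rejected
]

if __name__ == "__main__":
    entries, rejected = normalize_entries(SAMPLE)
    print("add to IP Group:", entries)
    print("needs review:", [text for text, _ in rejected])
```

Single addresses are returned without a prefix length and ranges as CIDR blocks, matching the IP and CIDR block choices in the Add New IP dropdown.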
To create an IP group:
- On the Admin tab, select the IP Group tab.
- Enter a name and include a brief description of the IP group. Note: The IP Group name is also its ID. As a result, IP Groups cannot be renamed while in use by application policies.
- In Add New IP, select either IP or CIDR block from the dropdown menu.
- Enter the IP address or CIDR block.
- Click Save.
You can also use the API to add, delete, and list IP Groups and IP group items. Test the IP Groups APIs here.