umbrella whitelist exclude

sfk
Level 1

Hi,

 

We exclude certain parts of the Umbrella whitelist from threat alerts. What are the criteria for entering this whitelist? Do you think I should exclude the first 100k? Or more?

 

Thanks,

2 Replies

Kshlerin
Level 1

Typically, items are added to a whitelist to exempt them from security filtering or threat alerts. This is usually done for trusted and safe resources or domains that are known to be legitimate and pose no security risks. Examples of items that might be added to a whitelist could include critical business applications, trusted partners' websites, or internal resources.

The decision of what to include in the whitelist should be based on a careful risk assessment and security analysis. It's essential to consider the potential impact of adding items to the whitelist and ensure that they are thoroughly vetted for security vulnerabilities.

As for the number of items to include in the whitelist, it really depends on the specific needs of your organization and the resources you want to exempt from threat alerts. There is no fixed rule regarding the number of items to whitelist. Start by including resources that are critical for your organization's operations and gradually add others as needed.

To determine the best approach for your organization, I recommend consulting with your IT security team or administrators. They can help you define the criteria for entering the whitelist and provide guidance on which resources should be included based on your organization's security requirements and risk assessment.

MyLabCorp

Kshlerin
Level 1

KMF usa

The purpose of a whitelist is to allow specific applications, websites, or IP addresses to bypass security filters and not trigger threat alerts. Typically, these whitelisted items are considered safe and essential for your organization's operations. Conversely, items not on the whitelist are subject to closer scrutiny and may trigger alerts if they are potential security threats.

The decision of which items to whitelist should be based on factors such as:

1. **Business Needs**: Whitelist items that are essential for your business operations and should not be blocked, even if they might be flagged by the security system.

2. **Known Trusted Sources**: Whitelist well-known and trusted websites, applications, and IP addresses that are widely used in your organization.

3. **Critical Infrastructure**: Whitelist items related to critical infrastructure or core business services to ensure uninterrupted access.

4. **Testing and Development**: Whitelist items used for testing and development purposes to prevent interference with your projects.

5. **Third-Party Services**: Whitelist third-party services that are essential for your organization's functioning.

Deciding whether to exclude the first 100k or more items depends on your organization's size, the number of applications and services used, and your risk assessment. It's essential to regularly review and update the whitelist to maintain security and avoid potential risks.

I recommend consulting with your organization's IT and security teams to determine the appropriate criteria for whitelist inclusion and the number of items to exclude. They can provide insights based on your specific security policies and operational needs.