Trusted IP Addresses on Prisma Cloud
Add trusted IP addresses to permit access to the management interfaces or to label your internal networks on Prisma™ Cloud and exclude them from anomaly alerts and RQL queries.
Prisma™ Cloud enables you to specify IP addresses or CIDR ranges for:
- Trusted Login IP Addresses—Restrict access to the Prisma Cloud administrator console and API to only the specified source IP addresses.
- Trusted Alert IP Addresses—If you have internal networks that connect to your public cloud infrastructure, you can add their IP address ranges (CIDR blocks) as trusted on Prisma Cloud. When you add IP addresses to this list, you can give them a label that identifies the internal networks that are not in the private IP address space, which makes alert analysis easier. When you visualize network traffic on the Prisma Cloud Investigate tab, the service identifies these networks by the labels you provide instead of flagging your internal IP addresses as internet or external IP addresses. The Prisma Cloud default network policies that look for internet-exposed instances do not generate alerts when the source IP address is in the trusted IP address list, and the account hijacking anomaly policy filters out activities from these known IP addresses. When you use RQL to query network traffic, you can also filter out traffic from the known networks in the trusted IP address list.
- Anomaly Trusted List—Exclude trusted IP addresses from anomaly alerts, for example while you run PCI compliance tests or a penetration test against your own network. Addresses in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity, such as the policies that detect internal port scan and port sweep activity, which are enabled by default. You can also choose the resource types or identifiers for which you want to Suppress Alerts for Prisma Cloud Anomaly Policies.
To add an IP address to the trusted list:
- Add an Alert IP address.
- Select Settings > Trusted Alert IP Addresses and click + Add New.
- Enter a name or label for the Network.
- Enter the CIDR and, optionally, a Description, click the Save icon, and then click Done. The CIDR block must contain IP addresses that are routable through the public Internet; you cannot add a private CIDR block. The IP addresses you enter may take up to 15 minutes to take effect, after which network queries classify the trusted IP addresses correctly for newly ingested data. Because trusted IP lists are applied during ingestion, changes to the list are not retroactive on previously ingested data: when you add or remove an IP address, the new classification applies only to queries against data ingested after the change.
- Add a Login IP address.
- Select Settings > Trusted Login IP Addresses and click + Add New.
- Enter a Name and, optionally, a Description.
- Enter the CIDR and Create the new login IP address entry. For example, 203.0.113.7/32 allows exactly one IP address, while 203.0.113.0/24 allows every IP address in the range 203.0.113.0 to 203.0.113.255. When you specify a range, the host bits of the address must be zero, that is, the entry must be the network address of the block. So, if you are logged in from 203.0.113.7, you can enter 203.0.113.7/32 or 203.0.113.0/24, but not 203.0.113.7/24.
- Verify that the IP addresses of all users who access the Prisma Cloud administrative console are included in the list. For the System Administrator role, Prisma Cloud checks by default that you are logged in from an IP address within the CIDR ranges you have added, and you cannot delete your current IP address from the list. If the CIDRs you entered do not cover the IP addresses of all users who access the Prisma Cloud administrator console and API, those users are logged out as soon as you save your changes and lose access to the administrator console and API until their address is added.
- Enable the IP address.
- Add an IP Address to theAnomaly Trusted List.
- Select Settings > Anomalies > Anomaly Settings > Anomaly Trusted List. You must have the correct role, such as the System Administrator role on Prisma Cloud, to view or edit the Anomaly Settings page. See Prisma Cloud Administrator Permissions for the roles that have access.
- Get your IP address. Make sure that you know the IP address that you are logged in from and the CIDR range to which it belongs.
- Click Add Trusted List and select IP Address.
- Enter a Trusted List Name and, optionally, a Description.
- Select the Anomaly Policies for which you do not want to generate alerts.
- Enter the IP Addresses. You can enter one or more IP addresses in CIDR format, which means you also include the network address. For example, 203.0.113.7/32 specifies a single IP address, and 203.0.113.0/24 includes every address in the range 203.0.113.0 to 203.0.113.255. By default, the IP addresses you add to the trusted list are excluded from generating alerts against all cloud accounts that are onboarded to Prisma Cloud.
- (Optional) Select an Account ID and VPC ID from the drop-down list. You can select only one Account and VPC ID, or set it to Any so that the exclusion applies to every account that is added to Prisma Cloud.
- Save the list. When you save the list, Prisma Cloud will not generate alerts for the IP addresses in it against the selected anomaly policies that detect network issues such as network reconnaissance, network evasion, or resource misuse. Only the administrator who created the list can modify its name, description, Account ID, and VPC ID; other administrators with the correct role can add or delete IP address entries on the list.
- Add one or more Domain Names to theAnomaly Trusted List.
- Select Settings > Anomalies > Anomaly Settings > Anomaly Trusted List.
- Click Add Trusted List and select Domain.
- Enter the Trusted List Name and, optionally, a Description.
- Select the Anomaly Policies (the DNS anomaly policies that detect suspicious domains in DNS queries) for which the listed domains should not trigger alerts.
- Enter one or more Domains and, optionally, select an Account ID from the drop-down list. You can select only one Account, or set it to Any so that the exclusion applies to every account that is added to Prisma Cloud.
- Save. The DNS anomaly policies will not generate alerts for the domain names in this Domain Trusted List.
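The three entry rules above (the CIDR must be a network address with its host bits zero, a Trusted Alert IP entry must be publicly routable, and a Trusted Login IP list that does not cover every administrator's source address locks those administrators out the moment it is saved) are easy to get wrong when a list is assembled by hand. The following Python script is an added example, not Prisma Cloud code or part of the original page: it re-implements those checks locally so a proposed list can be reviewed before it is pasted into Settings. The sample addresses are constructed from RFC 5737 documentation space and stand in for office egress ranges; the set of non-routable blocks is this example's own assumption of what "private" means and only covers IPv4.

```python
"""Pre-flight checks for Prisma Cloud trusted IP lists.

Added example, not Prisma Cloud code.  It mirrors the rules the console
applies (host bits must be zero, alert IPs must be publicly routable, the
saving administrator must remain inside the login list) so a change can be
reviewed before it is entered.  IPv4 only; sample data is constructed.
"""
import ipaddress
from typing import Dict, Iterable, List, Tuple

# Assumed set of blocks that are not routable on the public Internet.  An
# alert-IP entry overlapping any of these is rejected.  RFC 5737 documentation
# ranges are deliberately not listed so the constructed sample can use them.
NON_ROUTABLE = [ipaddress.ip_network(b) for b in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def parse_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Parse a CIDR the way the console expects it.

    strict=True rejects entries whose host bits are set, so 203.0.113.7/24
    raises ValueError while 203.0.113.7/32 and 203.0.113.0/24 parse.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: this example only handles IPv4")
    return net


def span(cidr: str) -> Tuple[str, str]:
    """First and last address an entry admits (a /32 admits one address)."""
    net = parse_cidr(cidr)
    return str(net[0]), str(net[-1])


def check_login_list(cidrs: Iterable[str], admin_ips: Iterable[str]) -> List[str]:
    """Return the administrator source IPs the proposed login list would lock out.

    The console logs out any user whose source address is not covered as soon
    as the list is saved, so an empty result is the only safe answer.
    """
    nets = [parse_cidr(c) for c in cidrs]
    locked_out = []
    for ip in admin_ips:
        addr = ipaddress.ip_address(ip)
        if not any(addr in net for net in nets):
            locked_out.append(ip)
    return locked_out


def check_alert_list(cidrs: Iterable[str]) -> Dict[str, str]:
    """Return {entry: reason} for Trusted Alert IP entries that would be rejected."""
    rejected = {}
    for cidr in cidrs:
        try:
            net = parse_cidr(cidr)
        except ValueError as exc:
            rejected[cidr] = f"not a network address: {exc}"
            continue
        overlapping = [str(b) for b in NON_ROUTABLE if net.overlaps(b)]
        if overlapping:
            rejected[cidr] = f"not publicly routable (overlaps {overlapping[0]})"
    return rejected


if __name__ == "__main__":
    # Constructed sample: one office range, two admin source IPs, and an
    # alert list containing a private block and a mistyped network address.
    print(span("203.0.113.0/24"))
    print(check_login_list(["203.0.113.0/24"], ["203.0.113.42", "198.51.100.9"]))
    print(check_alert_list(["203.0.113.0/24", "10.20.0.0/16", "198.51.100.9/24"]))
```

Run it against the list you intend to save; a non-empty result from check_login_list means an administrator at that address will be logged out on Save, and every key returned by check_alert_list is an entry the Trusted Alert IP form would refuse.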