Trusted IP Addresses on Prisma Cloud
Add trusted IP addresses to restrict access to the Prisma™ Cloud management interfaces to known source addresses, to label your internal networks so that they are not treated as external traffic, and to exclude them from anomaly alerts and RQL query results.
Prisma™ Cloud enables you to specify IP addresses or CIDR ranges for:
- Trusted Login IP Addresses—Restrict access to the Prisma Cloud administrator console and API to only the specified source IP addresses.
- Trusted Alert IP Addresses—If you have internal networks that connect to your public cloud infrastructure, you can add their IP address ranges (CIDR blocks) as trusted on Prisma Cloud and give each one a label. This matters for internal networks that are not in the private IP address space: when you visualize network traffic on the Prisma Cloud Investigate tab, the service identifies these networks by the labels you provide instead of flagging their addresses as internet or external IP addresses, which makes alert analysis easier. The Prisma Cloud default network policies that look for internet-exposed instances do not generate alerts when the source IP address is on the trusted list, the account hijacking anomaly policy filters out activity from these known IP addresses, and when you use RQL to query network traffic you can filter out traffic from the listed networks.
- Anomaly Trusted List—Exclude the IP addresses from which you run PCI compliance tests or penetration tests against your network. Addresses on this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity, such as the policies that detect internal port scan and port sweep activity, which are enabled by default.
To add an IP address to a trusted list:
- Add a Trusted Alert IP address.
  - Select Settings > Trusted Alert IP Addresses > + Add New.
  - Enter a name or label for the Network.
  - Enter the CIDR and, optionally, a Description, and then click Done. Enter a CIDR block that is routable through the public internet; you cannot add a private CIDR block. The IP addresses you enter may take up to 15 minutes to take effect, after which a network query classifies the trusted IP addresses correctly for newly ingested data. Because trusted IP lists are applied during ingestion, changes to the list are not retroactive on previously ingested data: if you add or remove an IP address, the new classification applies only to queries against data ingested after you make the change.
- Add a Trusted Login IP address.
  - Select Settings > Trusted Login IP Addresses > + Add New.
  - Enter a Name and, optionally, a Description.
  - Enter the CIDR and click Create to add the new login IP address entry.
  - Verify that the IP address you are logged in from is included in the list. If you are logged in from an IP address that is not on the trusted list, you are logged out as soon as you save your changes and can no longer access the Prisma Cloud administrator console or API.
  - Enable the IP address entry.
- Add an IP address to the Anomaly Trusted List.
  - Select Settings > Anomaly Settings > Anomaly Trusted List. You must have a role with the correct permissions, such as the System Administrator role on Prisma Cloud, to view or edit the Anomaly Settings page. See Prisma Cloud Administrator Permissions for the roles that have access.
  - Click Add New > IP Address.
  - Enter a Trusted List Name and, optionally, a Description.
  - Select the Anomaly Policies for which you do not want to generate alerts.
  - Enter the IP Addresses. You can enter one or more IP addresses in CIDR format. By default, the IP addresses you add to the trusted list are excluded from generating alerts for all cloud accounts that are onboarded to Prisma Cloud.
  - (Optional) Toggle Hide Advanced Settings to select an Account ID and VPC ID. You can select only one Account ID and VPC ID, or set it to Any so that the exclusion applies to every account added to Prisma Cloud.
  - Save the list. Once the list is saved, Prisma Cloud does not generate alerts for the listed IP addresses against the selected anomaly policies that detect network issues such as network reconnaissance, network evasion, or resource misuse. Only the administrator who created the list can modify its name, description, Account ID, and VPC ID; other administrators with the correct role can add or delete IP address entries on the list.
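Two of the steps above are easy to get wrong in ways that only show up after you click Save: a private CIDR block is rejected by the Trusted Alert IP list, and a Trusted Login IP list that does not cover your own source address locks you out of the console and API. The script below is an added example, not Prisma Cloud's own code or API, that checks candidate entries for all three lists offline before you enter them, and models how the Investigate tab labels a source address once a Trusted Alert IP list is in place. The set of ranges it treats as non-routable is an assumption (the page says only that private CIDR blocks are rejected), the `classify()` helper is a model of the described behaviour rather than Prisma Cloud's implementation, and every CIDR and address used is constructed sample data from the RFC 5737/3849 documentation ranges.

```python
"""Pre-flight checks for Prisma Cloud trusted IP lists (added example, not
Prisma Cloud's own code). Uses only the standard library and runs offline."""
import ipaddress
from typing import Dict, List, Tuple, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Assumption: the page says only that private CIDR blocks are rejected. This
# set is RFC 1918 plus CGNAT, loopback and link-local space, not Prisma Cloud's
# exact rule; extend it if your tenant rejects more. ipaddress.is_global is
# deliberately not used because it also rejects the RFC 5737 documentation
# ranges (203.0.113.0/24 etc.) that the sample data below relies on.
NON_ROUTABLE: List[Net] = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                   # CGNAT (RFC 6598)
    "127.0.0.0/8", "169.254.0.0/16",                   # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                # IPv6 equivalents
)]


def parse_cidr(entry: str) -> Net:
    """Parse one list entry (applies to all three lists, including the Anomaly
    Trusted List). strict=False accepts a host address with a mask such as
    198.51.100.7/24 and normalises it to 198.51.100.0/24; a bare address
    becomes a /32 or /128. Raises ValueError on anything that is not a CIDR."""
    return ipaddress.ip_network(entry.strip(), strict=False)


def is_routable(net: Net) -> bool:
    """False if the block overlaps any non-routable range. Overlap rather than
    subnet_of, so a supernet such as 10.0.0.0/7 is rejected as well."""
    return not any(net.version == r.version and net.overlaps(r) for r in NON_ROUTABLE)


def check_alert_list(entries: List[str]) -> Tuple[List[str], Dict[str, str]]:
    """Validate a Trusted Alert IP list.
    Returns (accepted normalised CIDRs, {rejected entry: reason})."""
    accepted: List[str] = []
    rejected: Dict[str, str] = {}
    for entry in entries:
        try:
            net = parse_cidr(entry)
        except ValueError as exc:
            rejected[entry] = f"not a valid CIDR: {exc}"
            continue
        if not is_routable(net):
            rejected[entry] = "private or non-routable block; Trusted Alert IP does not accept it"
            continue
        accepted.append(str(net))
    return accepted, rejected


def login_list_covers(entries: List[str], current_ip: str) -> bool:
    """Lockout guard for the Trusted Login IP list: True only if the address
    you are currently logged in from falls inside at least one entry. Do not
    save the list unless this returns True."""
    addr = ipaddress.ip_address(current_ip)
    return any(addr.version == net.version and addr in net
               for net in map(parse_cidr, entries))


def classify(src_ip: str, trusted_alert: Dict[str, str]) -> str:
    """Label a source address the way the Investigate tab does once a Trusted
    Alert IP list exists: the network's label on a match, otherwise 'Private'
    for non-routable space or 'Internet' for everything else.
    trusted_alert maps CIDR -> label, e.g. {'203.0.113.0/24': 'hq-office'}."""
    addr = ipaddress.ip_address(src_ip)
    for cidr, label in trusted_alert.items():
        net = parse_cidr(cidr)
        if addr.version == net.version and addr in net:
            return label
    return "Private" if not is_routable(ipaddress.ip_network(src_ip)) else "Internet"


if __name__ == "__main__":
    # Constructed sample: a candidate alert list with one private block and one typo.
    accepted, rejected = check_alert_list(
        ["203.0.113.0/24", "10.0.0.0/8", "198.51.100.7/24", "not-an-ip", "2001:db8::/32"])
    print("alert list accepted:", accepted)
    print("alert list rejected:", rejected)
    # Lockout guard before saving a Trusted Login IP list.
    print("safe to save login list:", login_list_covers(["203.0.113.0/24"], "203.0.113.17"))
    # Source-address labelling as the Investigate tab would show it.
    trusted = {"203.0.113.0/24": "hq-office", "198.51.100.0/24": "dc-egress"}
    for src in ("203.0.113.40", "198.51.100.9", "192.168.1.9", "192.0.2.200"):
        print(src, "->", classify(src, trusted))
```

Run `login_list_covers()` with the address you are actually connecting from (as reported by the Prisma Cloud audit log or your proxy, not an internal address behind NAT) before saving the login list; the lockout described above is immediate and applies to the API as well, so a CI job that pushes the list from a runner outside the listed ranges will cut itself off. Because trusted IP classification is applied at ingestion, `classify()` reflects only what new data will look like; historical traffic keeps the label it was ingested with.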