Trusted IP Addresses on Prisma Cloud

Add trusted IP addresses to permit access to the management interfaces, or to label your internal networks on Prisma™ Cloud and exclude them from anomaly alerts and RQL queries.
Prisma™ Cloud enables you to specify IP addresses or CIDR ranges for:
  • Trusted Login IP Addresses
    —Restrict access to the Prisma Cloud administrator console and API to only the specified source IP addresses.
  • Trusted Alert IP Addresses
    —If you have internal networks that connect to your public cloud infrastructure, you can add these IP address ranges (or CIDR blocks) as trusted on Prisma Cloud. When you add IP addresses to this list, you can create a label to identify your internal networks that are not in the private IP address space, which makes alert analysis easier. When you visualize network traffic on the Prisma Cloud Investigate tab, instead of flagging your internal IP addresses as internet or external IP addresses, the service identifies these networks with the labels you provide.
    Prisma Cloud default network policies that look for internet-exposed instances also do not generate alerts when the source IP address is included in the trusted IP address list, and the account hijacking anomaly policy filters out activities from known IP addresses. Also, when you use RQL to query network traffic, you can filter out traffic from known networks that are included in the trusted IP address list.
  • Anomaly Trusted List
    —Exclude trusted IP addresses when conducting tests for PCI compliance or penetration testing on your network. Any addresses included in this list do not generate alerts against the Prisma Cloud Anomaly Policies that detect unusual network activity, such as the policies that detect internal port scan and port sweep activity, which are enabled by default.
To add an IP address to the trusted list:
  • Add an Alert IP address.
    1. Select Settings > Trusted Alert IP Addresses > + Add New.
      You must have the System Administrator role on Prisma Cloud to view or edit the Trusted IP Addresses page. See Prisma Cloud Administrator Permissions.
    2. Enter a name or label for the Network.
    3. Enter the CIDR and, optionally, add a Description, and then click Done.
      Enter the CIDR block for IP addresses that are routable through the public internet; you cannot add a private CIDR block. The IP addresses you enter may take up to 15 minutes to take effect.
      The trusted IP addresses are appropriately classified when you run a network query.
  • Add a Login IP address.
    1. Select Settings > Trusted Login IP Addresses > + Add New.
      You must have the System Administrator role on Prisma Cloud to view or edit the Trusted IP Addresses page. See Prisma Cloud Administrator Permissions.
    2. Enter a Name and, optionally, a Description.
    3. Enter the CIDR and Create the new login IP address entry.
    4. Verify that the IP address you are logged in with is included in the list.
      If you are logged in from an IP address that is not listed as a trusted IP address, you will be logged out as soon as you save your changes and can no longer access the Prisma Cloud administrator console and API interface.
    5. Enable the IP address.
  • Add an IP Address to the Anomaly Trusted List.
    1. Select Settings > Anomaly Settings.
      You must have the correct role, such as the System Administrator role on Prisma Cloud, to view or edit the Anomaly Settings page. See Prisma Cloud Administrator Permissions for the roles that have access.
    2. Select Add New IP Address.
    3. Enter a Trusted List Name and, optionally, a Description.
    4. Select the Anomaly Policies for which you do not want to generate alerts.
    5. Enter the IP Addresses.
      You can enter one or more IP addresses in CIDR format. By default, the IP addresses you add to the trusted list are excluded from generating alerts against any (all) cloud accounts that are onboarded to Prisma Cloud.
    6. (Optional) Toggle Hide Advanced Settings to select an Account ID and VPC ID.
      You can select only one Account and VPC ID, or set it to Any to exclude any account that is added to Prisma Cloud.
    7. Save the list.
      When you save the list, Prisma Cloud will not generate alerts for the IP addresses included in it against the selected anomaly policies that detect network issues such as network reconnaissance, network evasion, or resource misuse.
      Only the administrator who created the list can modify the name, description, Account ID and VPC ID; other administrators with the correct role can add or delete IP address entries on the trusted list.
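As an added example (not part of the Prisma Cloud documentation or product), the following Python script pre-checks a proposed set of trusted login and alert CIDRs against the two failure modes described above: a login list that does not cover the administrator's own source address (which locks the session out on save) and alert-list entries in private address space (which Prisma Cloud rejects). The sample addresses are constructed from documentation ranges, and the set of non-routable ranges it tests is an assumption, not the product's own validation rule.

```python
import ipaddress

# Constructed sample values (IANA documentation ranges), not data from the page.
ADMIN_SOURCE_IP = "203.0.113.44"
LOGIN_CIDRS = ["203.0.113.0/24", "198.51.100.17/32"]
ALERT_CIDRS = ["198.51.100.0/24", "10.20.0.0/16", "172.16.4.0/22", "192.0.2.7/24"]

# RFC 1918 space plus loopback, link-local and CGNAT. Prisma Cloud rejects
# private blocks on the Trusted Alert list; its exact rule is not documented
# here, so this list is an assumption used for a local pre-check only.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10")]

def parse_cidr(entry):
    """Strict parse: an entry with host bits set, e.g. 192.0.2.7/24, is rejected."""
    return ipaddress.ip_network(entry.strip(), strict=True)

def split_valid(cidrs):
    """Return (parsed networks, malformed entries)."""
    good, bad = [], []
    for c in cidrs:
        try:
            good.append(parse_cidr(c))
        except ValueError:
            bad.append(c)
    return good, bad

def private_entries(cidrs):
    """Alert-list entries that overlap non-routable space."""
    nets, _ = split_valid(cidrs)
    return [str(n) for n in nets if any(n.overlaps(p) for p in NON_ROUTABLE)]

def login_ip_covered(admin_ip, cidrs):
    """False means saving the login list would lock out the current session."""
    ip = ipaddress.ip_address(admin_ip)
    nets, _ = split_valid(cidrs)
    return any(ip in n for n in nets)

def precheck(admin_ip, login_cidrs, alert_cidrs):
    """Collect every reason not to save the lists yet; empty means safe to proceed."""
    problems = []
    for label, cidrs in (("login", login_cidrs), ("alert", alert_cidrs)):
        problems += [f"{label}: malformed CIDR {c}" for c in split_valid(cidrs)[1]]
    if not login_ip_covered(admin_ip, login_cidrs):
        problems.append(f"login: {admin_ip} not in any trusted login CIDR (lockout)")
    problems += [f"alert: {c} is not publicly routable" for c in private_entries(alert_cidrs)]
    return problems

if __name__ == "__main__":
    for p in precheck(ADMIN_SOURCE_IP, LOGIN_CIDRS, ALERT_CIDRS):
        print("BLOCK:", p)
```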