FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Not raise alert when Specific IP Send traffic

Malaik
DynaMight Champion
DynaMight Champion

‎07 Feb 2024 02:17 PM - last edited on ‎08 Feb 2024 07:45 AM by Community Team

Hello All,

I have a specific case:

The security team here send Scanning from specific IP, this scan implique Alerts (ApplicationXXX- Failure rate (HTTP 4xx errors) 

Is there any way to 'white list' this IP to not trigger alerts...

 

I made a custom attribute to catch the IP, an metric to raise Custom alert when the Scan is ongoing, but the team here want to not trigger any alert.

Sharing Knowledge
0 Kudos
Reply
2 REPLIES 2

ChadTurner
DynaMight Legend
DynaMight Legend

‎27 Mar 2024 05:39 PM

@Malaik What monitoring segment is alerting? Service/Process/App? I just want to be sure i point you in the right direction. My assumption is that its App level, and if thats correct you can exclude it per app: 

ChadTurner_0-1711560874976.png

If you are looking to block it at the service layer you might not be able to target the given IP but the request in general by muting it. 

 

-Chad
Reply

Malaik
DynaMight Champion
DynaMight Champion
In response to ChadTurner

‎28 Mar 2024 08:16 AM

Thanks Chad

 

I did it from the App level to whitelist, but unfortunately the traffic from that IPO still comes and captured (strange, dont know why).

 

I cannot also mute the request because it Dynamic one and changing every scan.

 

Thanks for your replay and help.

 

 

Sharing Knowledge
0 Kudos
Reply
Ask a question

Featured Posts