07 Feb 2024 02:17 PM - last edited on 08 Feb 2024 07:45 AM by MaciejNeumann
Hello All,
I have a specific case:
The security team here send Scanning from specific IP, this scan implique Alerts (ApplicationXXX- Failure rate (HTTP 4xx errors)
Is there any way to 'white list' this IP to not trigger alerts...
I made a custom attribute to catch the IP, an metric to raise Custom alert when the Scan is ongoing, but the team here want to not trigger any alert.
27 Mar 2024 05:39 PM
@Malaik What monitoring segment is alerting? Service/Process/App? I just want to be sure i point you in the right direction. My assumption is that its App level, and if thats correct you can exclude it per app:
If you are looking to block it at the service layer you might not be able to target the given IP but the request in general by muting it.
28 Mar 2024 08:16 AM
Thanks Chad
I did it from the App level to whitelist, but unfortunately the traffic from that IPO still comes and captured (strange, dont know why).
I cannot also mute the request because it Dynamic one and changing every scan.
Thanks for your replay and help.
13 Aug 2024 11:50 AM
Hi @Malaik
Have you managed to solve the problem? It would be great if you shared the solution with the Community users 💡