Subnet lists
In Incidents & Events, you can define subnet lists which can be added to subnet groups.
Subnet lists and groups can be used to create a whitelist or blacklist in event handlers.
Creating a subnet list
To create a new subnet:
- Go to Incidents & Events > Subnet Lists.
- Select Create New > Subnet.
- Enter a name for the subnet.
- Select a Subnet type and configure the corresponding information. Subnet types include: Subnet Notation, IP Range, and Batch Add.
- Select OK.
Once a subnet has been created, it can be edited, cloned, or deleted by highlighting it and selecting the corresponding action in the Subnet List toolbar.
Creating a subnet group
To create a subnet group:
- Go to Incidents & Events > Subnet List.
- Select Create New > Subnet Group.
- Enter a name for the subnet group.
- Select the subnet entries to be included in the group and select OK in the pop-up window.
- Select OK.
Once a subnet group has been created, it can be edited, cloned, or deleted by highlighting it and selecting the corresponding action in the Subnet List toolbar.
Assigning subnet filters to event handlers
You can streamline SOC processes by defining a subnet whitelist/blacklist for event handlers. These addresses can be linked to any event handler to enable or prevent it from triggering an event. Creating a subnet whitelist/blacklist for event handlers eliminates the need to specify common networks in every event handler.
To include or exclude subnets in an event handler:
- Go to Incidents & Events > Event Handler List.
- Select an event handler to edit from the list.
- In the Subnet category, select Specify.
- Choose which subnets to include or exclude by selecting them from the corresponding dropdown menu.
- Select OK.
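An added example (not part of this documentation or the product's own code) that models the subnet types, a subnet group, and an include/exclude filter, so you can check which source addresses a planned whitelist would cover before entering it. The range and batch syntax, the function names, and the rule that an exclude match overrides an include match are assumptions; the addresses are constructed documentation ranges.

```python
import ipaddress

def parse_entry(text):
    """One subnet entry -> list of networks (entry syntax is an assumption)."""
    text = text.strip()
    if "-" in text:  # IP range, e.g. 198.51.100.10-198.51.100.20
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid IP range: {text!r}")
        return list(ipaddress.summarize_address_range(first, last))
    # Subnet notation (CIDR or address/netmask); a bare address becomes a /32 or /128
    return [ipaddress.ip_network(text, strict=False)]

def parse_batch(block):
    """Batch add, assumed here to be one entry per line; blank lines are skipped."""
    nets = []
    for line in block.splitlines():
        if line.strip():
            nets.extend(parse_entry(line))
    return nets

def in_group(ip, group):
    """True if ip falls inside any network of a subnet group."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in group)

def handler_applies(ip, include=None, exclude=None):
    """Assumed semantics: an exclude match wins; no include list means all subnets."""
    if exclude and in_group(ip, exclude):
        return False
    return in_group(ip, include) if include else True

# Constructed sample entries using documentation address ranges
SCANNERS = parse_entry("192.0.2.16/28")
OFFICE = parse_entry("198.51.100.10-198.51.100.20")
BATCH = parse_batch("203.0.113.0/24\n\n2001:db8::/32\n")
WHITELIST_GROUP = SCANNERS + OFFICE  # a subnet group is a set of subnet entries

if __name__ == "__main__":
    for ip in ("192.0.2.20", "192.0.2.32", "198.51.100.20", "198.51.100.21"):
        print(ip, "triggers" if handler_applies(ip, exclude=WHITELIST_GROUP) else "suppressed")
```

Checking the boundary addresses of each entry (the first and last address inside, and the next one outside) is a quick way to catch an off-by-one range or a wrong prefix length before the list suppresses events you meant to keep.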