Custom Whitelisting Beta

Updated 2 weeks ago by Andrew Hill

Motivation

What if you want to whitlelist network tools, but only for your network administrators? Well now you can

You can create whitelist rules like

email = 'admin1@company.com' OR 'admin2@company.com'
AND
malicious_file_name = 'PuTTy'

How To

  1. Select an app result of the type you would like to whitelist, and select Add to Whitelist as usual
  2. Click Custom in the bottom left
  3. A list of all attribute paths will populate, each with a text field. Fill in the desired values.
    1. Options are OR if within the same box. Each box is then combined with an AND.
    2. For example, in the picture above, you will whitelist items which match all of the following
      1. Result = "success" AND
      2. description = "Update user" AND
      3. principalName = "adm@cm.com" or "az@cm.com"
  4. Select Apply to existing if desired, and click Add


How did we do?


Powered by HelpDocs

Powered by HelpDocs