Skip to main content

Blacklist and Whitelist Exclusions

What is an Exclusion?#

The Sensei Exclusions list consists of entries that you may use to allow or restrict connections destined to specified host(s), IP address(es), and domain(s)

You can define an exclusion as Whitelist or Blacklist.

info

Whitelist is an allowed destinations list and your users that match the policy can reach the destinations placed in this list without any restrictions.

Blacklist is the blocked destinations list that can never be accessed by your users that match the policy.

IMPORTANT

Exclusions take precedence over all your Security / App / Web rules.

Why do you need an Exclusion?#

You can employ exclusions to fine-tune Sensei's detecting behavior. By defining exclusions you can not only reduce false positives but also meet exceptional business requirements.

How to define an Exclusion?#

You can exclude an IPv4/ IPv6 address, domain, or hostname from scanning threats. These exclusions will apply to all devices in your network that match the related policy.

To manage your exclusions in a policy,

  • Select the policy name in the Policies list view of a node
  • Navigate to the Exclusions tab.

Add an Exclusion#

To add an exclusion,

  • Enter an IP address, hostname, or domain
info

You can enter hostnames, domains, and IP addresses.

Domains match all subdomains.

CIDR notation is acceptable for IP addresses.

For example: host.sub.domain.com, domain.com, 172.16.1.1, 10.10.0.0/16.

  • Select the type of Exclusion. By default, it is whitelist.
  • Enable the Global option if you want to define the exclusion to be applied for all policies on the node.
  • Click on the +Add exclusion button

Exclusion Tab

Figure 1. Managing Exclusions

Exclusion - Black List

Figure 2. Exclusion - Black List

Search Exclusion#

Exclusion - Search

Figure 3. Exclusion - Search

You can filter your blacklist/whitelist entries by using search criteria. When you start to type the IP/hostname it will filter out the results instantly.

View Exclusions#

You can view your exclusions on the All Exclusion pane. By default both your Whitelist and Blacklistare displayed in this pane. The following information is provided in the Exclusions list view:

  • Hostname/Domain/IP address
  • Tag (if Global option is enabled Global tag displayed )
  • Exclusion Type (Whitelist/Blacklist)
  • Admin name(Who defines the exclusion)
  • Date (Exclusion creation date)
  • Action button (Remove)

Exclusion - White List

Figure 4. Exclusion - White List

Also, you can view your Whitelist exclusions under the White list tab or view your Blacklist exclusions under the Black list tab in the All Exclusions pane.

Delete an Exclusion#

To delete an exclusion in a policy,

  • Search the domain/hostname/IP of the exclusion that you want to delete

Click the trash icon in the search result. You will be prompted to as Figure 6.

  • Click Remove if you want to delete the exclusion.

Exclusion Delete Warning

Figure 5. Exclusion Delete Warning