HIAB E-mail Whitelisting

Purpose

This document describes what E-mails to whitelist when setting up a HIAB.

Introduction

In the case of monitoring and sending alerts based upon email addresses, this page list the current email addresses in use by a HIAB during a scanning job.

Whitelist Addresses

The following addresses that needs whitelisting is:

• nobody@example.com
• postmaster@<domain>
• probe@<domain>
• test_1@<domain>
• test_2@<domain>
• root@localhost
• root@host1@localhost

The <domain> is by default outpost24.com unless it has been manually configured in the scan policy as described in Scan Scheduling Mail.

If alerts is subdued based on payload, such as the listed email addresses, it can lead to an exploitation using new vulnerabilities you may not have addressed which can be missed. This can in turn lead to completely missing a breach in your organization.

The recommendation is that the filtering is based on the origin of the traffic or payloads. This still allow filtering out all false positives for alerts in your monitoring, while also ensuring that you are not impacted by potentially dangerous false negatives.

This list may change as we add new detection scripts, any future changes or additions to these email addresses will be included in our Release Notes.

Related Articles

_Copyright

_{© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}