Last Updated: 2024-04-08
Purpose
This article describes what emails to whitelist when setting up a HIAB.
Introduction
This article outlines the email addresses that need to be whitelisted when configuring a HIAB for monitoring and alerts. It emphasizes the importance of proper filtering to avoid missing potential breaches due to false negatives while suggesting that filtering should be based on the origin of traffic or payloads. Additionally, any updates to this list of email addresses will be documented in the Release Notes.
Whitelist Addresses
The following addresses need whitelisting:
- nobody@example.com
- postmaster@<domain>
- probe@<domain>
- test_1@<domain>
- test_2@<domain>
- root@localhost
- root@host1@localhost
The <domain> is by default outpost24.com unless it has been manually configured in the scan policy as described in the Mail section in Scan Scheduling.
If alerts are suppressed based on payload, such as the listed email addresses, exploitation using new vulnerabilities that you have not yet addressed can be missed. This can in turn lead to completely missing a breach in your organization.
The recommendation is that the filtering is based on the origin of the traffic or payloads. This still allows filtering out all false positives for alerts in your monitoring, while also ensuring that you are not impacted by potentially dangerous false negatives.
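The difference between the two filtering approaches, as an added example that is not part of the original article or of the HIAB product: it runs payload-based and origin-based suppression over the same constructed alerts and reports which alerts each one hides. The scanner IP 192.0.2.10, the alert tuple layout and all function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the HIAB appliance scans from this address (constructed value).
SCANNER_ORIGINS = [ipaddress.ip_network("192.0.2.10/32")]

# Addresses from the list above, using the default <domain> outpost24.com.
SCANNER_ADDRESSES = {
    "nobody@example.com", "postmaster@outpost24.com", "probe@outpost24.com",
    "test_1@outpost24.com", "test_2@outpost24.com", "root@localhost",
    "root@host1@localhost",
}

# Constructed sample alerts: (source IP, email address seen in the payload).
ALERTS = [
    ("192.0.2.10", "probe@outpost24.com"),    # HIAB scan traffic
    ("192.0.2.10", "root@localhost"),         # HIAB scan traffic
    ("203.0.113.77", "probe@outpost24.com"),  # unknown origin, same payload
    ("203.0.113.77", "someone@example.net"),  # unknown origin
]

def suppress_by_payload(alert):
    """Suppression keyed on the payload address (what the article warns against)."""
    _, address = alert
    return address in SCANNER_ADDRESSES

def suppress_by_origin(alert):
    """Suppression keyed on where the traffic came from (the recommendation)."""
    src, _ = alert
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in SCANNER_ORIGINS)

def surviving(alerts, suppress):
    """Return the alerts that still reach the analyst."""
    return [a for a in alerts if not suppress(a)]

def false_negatives(alerts):
    """Alerts from non-scanner origins that payload-based filtering hides."""
    return [a for a in alerts
            if suppress_by_payload(a) and not suppress_by_origin(a)]

if __name__ == "__main__":
    print("payload filter keeps:", surviving(ALERTS, suppress_by_payload))
    print("origin filter keeps: ", surviving(ALERTS, suppress_by_origin))
    print("hidden by payload filter:", false_negatives(ALERTS))
```

Both filters remove the HIAB's own scan alerts, but only the origin-based filter still surfaces the alert from 203.0.113.77 that carries a listed address.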
This list may change as we add new detection scripts. Any future changes or additions to these email addresses will be included in the Release Notes.