Arctic Wolf Unified Portal Telemetry ManagementUpdated Jan 17, 2024
A denylist is a list of IP addresses that you specifically do not want the scanner to scan. This can include devices with non-optimally designed or implemented embedded network stacks that can behave unexpectedly when scanned. For example, printers or consumer-grade WiFi access points can have unexpected output or reboot when scanned. You can decide not to scan these devices.
Tip: Work with your Concierge Security® Team (CST) to reduce the number of devices on your denylist because threat actors can use it to compromise your network.
Sign in to the Arctic Wolf Unified Portal.
Click Telemetry Management > Scanners.
Click Configure for the scanner that you want to view.
Tip: The scanner must be online for configuration changes. If needed, use filters to limit your results. See Scanner filters for more information.
Click the Scan Exclusion tab.
Do one of these actions:
- Enter an IP address, IP address range, or a CIDR address range in the field.
- Click Upload, find your CSV file that contains the IP addresses, IP ranges, or CIDR notation that you want to use for hostname resolution, and then click Open.
- To specify multiple IP addresses, use a - separator in one of the IP octets. For example,
- To specify a CIDR range, use a comma-separated list. You can enter individual hosts without the
/32specification or networks in the same CIDR
- When uploading a Microsoft Excel CSV file, do not use column headings. Only populate the first column. Separate entries by row.
- Duplicate uploads are ignored. For example, if you create a CSV file with 10 entries and upload the CSV file to the Unified Portal, and then add 5 more entries to your CSV file and upload the same CSV file to the Unified Portal, only the 5 most recent entries are added to your denylist.
Click Update Configuration.
This button is not available if the scanner is offline.