Add an IP address or IP address range to the denylist

A denylist is a list of IP addresses that you do not want the scanner to scan. For example, devices with non-optimally designed or implemented embedded network stacks that might behave unexpectedly if scanned, like printers or consumer-grade WiFi access points that could print unexpected output or reboot if scanned. You can choose not to scan these devices.

Tip:

Your CST works with you to reduce the number of devices on your denylist because a bad actor could use the same vulnerabilities to further compromise your network.

  1. Sign in to the Risk Dashboard.
  2. In the navigation menu, click Config > Scanner Config.
  3. In the Scanner Configuration section, in the DenyList IP/Networks field, enter IP addresses or networks as a comma-separated list in classless inter-domain routing (CIDR) format. The DenyList IP/Networks field accepts individual hosts without the /32 specification or networks in the same CIDR X.X.X.X/Y.
    Tip:

    You can specify multiple IP addresses using a - separator in one of the IP octets. For example, 10.0.0.1-3 expands to 10.0.0.1, 10.0.0.2, 10.0.0.3.