Risk DashboardUpdated Jan 25, 2024
A denylist is a list of IP addresses that you do not want the scanner to scan. For example, devices with non-optimally designed or implemented embedded network stacks that may behave unexpectedly if scanned, like printers or consumer-grade WiFi access points that could print unexpected output or reboot if scanned. You can choose not to scan these devices.
Tip: Your CST works with you to reduce the number of devices on your denylist because a bad actor could use the same vulnerabilities to further compromise your network.
- Sign in to the Risk Dashboard.
- In the navigation menu, click Config > Scanner Config.
- In the Scanner Configuration section, in the DenyList IP/Networks field, enter IP addresses or networks as a comma-separated list in classless inter-domain routing (CIDR) format. The DenyList IP/Networks field accepts individual hosts without the
/32specification or networks in the same CIDR
Tip: You can specify multiple IP addresses using a
-separator in one of the IP octets. For example,
10.0.0.1, 10.0.0.2, 10.0.0.3.