To decrease false positives, you can ignore Port Scan traffic from known traffic sources (such as internal scanners) and still receive other connection attempts, such as SSH, Telnet and SMB access.
Follow the steps below to add known Port Scan traffic from specific source IPs to the ignore list on your Console:
Step 1: Log in to your Console
Step 2: Open Global Settings
- Click on the gear icon at the top right of your console.
- Click Global Settings.
Step 3: Check Ignored IPs and Ports
Click on Ignored IPs and Ports and then enable Ignored IPs and Ports from the menu.
Step 4: Choose How to Ignore Port Scan Activity
There are a few different options when it comes to ignoring Port Scan activity.
- Comments can be added to help organise the list.
- Ignore based on single IP addresses and Port Scan activity.
- Ignore a range of IP addresses and Port Scan activity.
- Multiple IPs can be separated by commas ( , ).
- A wildcard ( * ) can be used on the last byte.
- Additional ports can be added and separated by commas ( , ).