Skip to main content

Search

How can I ignore only Port Scan activity from hitting my Canary from a specific Source IP?

  • Updated

Description: To decrease false positives, you can ignore Port Scan traffic from known traffic sources (such as internal scanners) and still receive other connection attempts : SSH, Telnet, SMB access...

Follow the steps below to add an ignore for known Port Scan traffic from specific Source IPs to the ignore list on your Console:

Step 1:

Log in to your Console.

Canary_Login_.png

Step 2:

Click on the Gear Icon and then Global Settings.

Gear.png

Step 3:

Click on Ignored IPs and Ports and then enable Ignored IPs and Ports from the menu.

Ignore_IP-Port_enabled.png

Step 4:

There are a few different options when it comes to ignoring Port Scan activity

  • Comments can be added to help organise the list.

IP-PS-0.png

  • Ignore based on single IP Addresses and Port Scan activity.

IP-PS-1.png

  • Ignore a range of IP Addresses and Port Scan activity.

IP-PS-4.png

  • Multiple IP's can be separated by commas ( , )

IP-PS-3.png

  • A wildcard ( * ) can be used on the last byte.

IP-PS-2.png

  • Additional Ports can be added and separated by commas ( , )

IP-PS-6.png

 

You're done! ;-)

 

Was this article helpful?
0 out of 0 found this helpful
Return to top