Smarter Whitelisting Just Landed: CIDR Support for IP Address Whitelisting
Release: September R1
Category: Platform Enhancements
Available To: All Customers
🚀 Overview
We’ve made whitelisting faster, cleaner, and smarter. Analysts can now whitelist entire CIDR blocks (for example, 192.168.0.0/24)—not just individual IP addresses. This enhancement enables broader and more efficient suppression of low-value alerts from known, trusted network segments.
The result? More accurate alerts, fewer false positives, and a smoother SOC experience.
💡 What’s New
You can now use CIDR notation to add entire subnets to your IP allowlist.
Example:
Instead of manually adding each IP in your guest Wi-Fi range (192.168.10.1, 192.168.10.2, etc.), simply whitelist the subnet once as:
192.168.10.0/24
This single entry covers all 256 IPs in that range—saving you time and reducing allowlist clutter.
🔧 Why It Matters
Managing false positives is a top challenge for every SOC. With CIDR support, you can now:
- Reduce alert noise from known benign traffic
- Simplify IP management and reduce manual entries
- Improve alert precision across your environment
- Speed up triage and response workflows
🧭 How To Use
- Navigate to [Whitelisting Settings] → [IP Address Allowlist].
- Select Add New Entry.
- Enter the desired CIDR block (e.g., 192.168.10.0/24).
- Save changes. Your CIDR entry now applies to all IPs in that range.
Note: Existing IP allowlist entries remain unaffected. You can mix individual IPs and CIDR blocks for flexible control.
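Before adding entries, it helps to check what each one will actually cover. The following is an added example, not the product's own code: it validates a mixed list of single IPs and CIDR blocks and reports which entry would suppress each alert. The function names, the sample entries and alerts, and the /16 minimum-prefix policy are assumptions made for illustration (IPv4 only).

```python
import ipaddress

# Constructed sample allowlist: one subnet, one single IP, one entry with
# host bits set (likely a typo), and one catch-all that would hide everything.
ALLOWLIST = ["192.168.10.0/24", "10.20.30.40", "192.168.10.77/24", "0.0.0.0/0"]
MIN_PREFIX = 16  # assumed local policy: refuse anything broader than a /16

def parse_allowlist(entries, min_prefix=MIN_PREFIX):
    """Return (networks, rejected); rejected holds (entry, reason) pairs."""
    networks, rejected = [], []
    for raw in entries:
        try:
            # strict=True refuses 192.168.10.77/24 instead of silently widening it
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((raw, f"broader than /{min_prefix}"))
            continue
        networks.append(net)  # a bare IP becomes a /32 network
    return networks, rejected

def matching_entry(src_ip, networks):
    """Return the most specific allowlist entry covering src_ip, or None."""
    addr = ipaddress.ip_address(src_ip)
    hits = [n for n in networks if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def triage(alerts, networks):
    """Split alerts into kept ids and (id, entry) pairs that are suppressed."""
    kept, suppressed = [], []
    for alert in alerts:
        entry = matching_entry(alert["src_ip"], networks)
        if entry is None:
            kept.append(alert["id"])
        else:
            suppressed.append((alert["id"], str(entry)))
    return kept, suppressed

# Constructed sample alerts, not real telemetry.
ALERTS = [{"id": "A1", "src_ip": "192.168.10.57"}, {"id": "A2", "src_ip": "192.168.11.5"},
          {"id": "A3", "src_ip": "10.20.30.40"}, {"id": "A4", "src_ip": "203.0.113.9"}]

if __name__ == "__main__":
    nets, bad = parse_allowlist(ALLOWLIST)
    print("rejected:", bad)
    print("kept, suppressed:", triage(ALERTS, nets))
```

Recording the matching entry next to each suppressed alert keeps the suppression auditable when an allowlisted range later needs review.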
🌐 Availability
This feature is included in the September R1 Release and is live in all environments.
💬 We’d Love Your Feedback
Have you tried CIDR support yet?
Share your experience and let us know how it’s improving your alert workflow below. Your feedback helps shape our next updates.
