1. RocketCyber
  2. Whitelisting
  3. General

Custom Whitelisting Beta

Whitelist cloud apps based on combinations of fields

Motivation

So you want to whitelist network tools, but only for your network administrators?  Something like

email = 'admin1@company.com' OR 'admin2@company.com'

AND

malicious_file_name = 'PuTTy'

How To

  1. Select an app result of the type you would like to whitelist, and select Add to Whitelist as usual

  2. Click Custom in the bottom left

  3. A list of all attribute paths will populate, each with a text field. Fill in the desired values.

    screen-shot-2020-05-15-at-1-45-47-pm.png

    1. Options are OR if within the same box. Each box is then combined with an AND.

    2. For example, in the picture above, you will whitelist items that match all of the following

      1. Result = "success" AND

      2. description = "Update user" AND

      3. principalName = "adm@cm.com" or "az@cm.com"

  4. Select Apply to existing if desired, and click Add

Support for custom whitelisting on non-cloud apps is on the way!

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us

Browse this section