Black / White List

Blocked / Allowed List

The NETALERT solution provides the ability to manage traffic by categorizing entities into Blocked or Allowed lists. This enables administrators to control network activity and generate appropriate alerts for security and monitoring purposes.

Key Features:

  • Allows specific MAC addresses or IP addresses to be monitored separately.

  • Ensures quick detection of unauthorized or suspicious traffic.

  • Works in conjunction with pre-defined security policies and threat intelligence.

Blocked List (Restricted IP Categories)

Traffic originating from any IP addresses present in the Blocked List will trigger alerts within the NETALERT solution.

Categories of Blocked IPs:

1. Mining Nodes – Known IPs involved in cryptocurrency mining, which could impact network performance.

2. Tor Exit Nodes – Traffic from these nodes can indicate anonymous browsing or potential malicious activity.

3. DDNS IPs – Dynamic Domain Name System (DDNS) IPs often associated with evasion techniques.

4. Banned DNS IPs – Includes blacklisted Domain Name System (DNS) addresses.

5. Banned SMTP IPs – Blocks email traffic from known spamming sources.

6. IOC IPs – Indicators of Compromise (IOC) IPs linked to malware, phishing, or cyber threats.

Setting up the lists

MAC List (Devices for Special Monitoring)

This feature allows the tracking of specific devices within the network based on their MAC addresses. By adding MAC addresses to a monitoring list, administrators can analyze the traffic separately and receive alerts if unusual activity is detected.

MAC address actions:

  • Adding MAC Addresses:
    • Administrators can manually add MAC addresses using the Add button.
    • MAC addresses can also be imported from a CSV file.

  • Editing MAC Addresses:
    • Already added MAC addresses can be modified as needed.

  • Deleting MAC Addresses:
    • Administrators can remove any MAC addresses from the list.
  • Exporting MAC Addresses:
    • The list of monitored MAC addresses can be exported as a CSV file for backup or further analysis.

Mining Nodes (IPs Involved in Cryptocurrency Mining)

This feature allows administrators to block known cryptocurrency mining IP addresses to prevent excessive resource consumption and potential security threats.

Mining Nodes actions:

  • Adding Mining Node IPs:
    • Administrators can manually add mining-related IPs using the "Add" button.
    • IPs can also be imported from a CSV file.

  • Editing Mining Node IPs:
    • Already added mining node IPs can be modified as needed.
  • Deleting Mining Node IPs:
    • Administrators can remove any mining-related IPs from the list.
  • Exporting Mining Node IPs:
    • The list of mining node IPs can be exported as a CSV file for documentation or further analysis.

Tor Exit Nodes (Anonymous Browsing and Potential Malicious Activity)

This feature allows the blocking of Tor exit nodes, which are often used for anonymous browsing or cyber threats.

Tor Exit Nodes actions:

  • Adding Tor Exit Node IPs:
    • Administrators can manually add Tor-related IPs using the "Add" button.
    • IPs can also be imported from a CSV file.

  • Editing Tor Exit Node IPs:
    • Already added Tor exit node IPs can be modified as needed.

  • Deleting Tor Exit Node IPs:
    • Administrators can remove any Tor exit node IPs from the list.
  • Exporting Tor Exit Node IPs:
    • The list of Tor exit node IPs can be exported as a CSV file for documentation or further analysis.

DDNS IPs (Dynamic Domain Name System Addresses Associated with Evasion Techniques)

This feature helps block DDNS IPs that cybercriminals often use to evade detection.

DDNS IP actions:

  • Adding DDNS IPs:
    • Administrators can manually add DDNS-related IPs using the "Add" button.
    • IPs can also be imported from a CSV file.

  • Editing DDNS IPs:
    • Already added DDNS IPs can be modified as needed.

  • Deleting DDNS IPs:
    • Administrators can remove any DDNS IPs from the list.
  • Exporting DDNS IPs:
    • The list of DDNS IPs can be exported as a CSV file for documentation or further analysis.

Banned DNS IPs (Blacklisted Domain Name System Addresses)

This feature allows administrators to block DNS addresses flagged for malicious activity or security risks.

Banned DNS IP actions:

  • Adding Banned DNS IPs:
    • Administrators can manually add banned DNS IPs using the "Add" button.
    • IPs can also be imported from a CSV file.

  • Editing Banned DNS IPs:
    • Already added banned DNS IPs can be modified as needed.

  • Deleting Banned DNS IPs:
    • Administrators can remove any banned DNS IPs from the list.
  • Exporting Banned DNS IPs:
    • The list of banned DNS IPs can be exported as a CSV file for documentation or further analysis.

Banned SMTP IPs (Blocked Email Traffic from Known Spamming Sources)

This feature enables blocking of SMTP IPs associated with spam, phishing, and other email threats.

Banned SMTP IP actions:

  • Adding Banned SMTP IPs:
    • Administrators can manually add banned SMTP IPs using the "Add" button.
    • IPs can also be imported from a CSV file.

  • Editing Banned SMTP IPs:
    • Already added banned SMTP IPs can be modified as needed.

  • Deleting Banned SMTP IPs:
    • Administrators can remove any banned SMTP IPs from the list.
  • Exporting Banned SMTP IPs:
    • The list of banned SMTP IPs can be exported as a CSV file for documentation or further analysis.

IOC IPs (Indicators of Compromise – Malware, Phishing, or Cyber Threats)

This feature allows administrators to block IPs that are identified as Indicators of Compromise (IOC), helping to prevent cyberattacks.

IOC IP actions:

  • Add a New IOC IP:
    • Click on the "Add IOC IP" button.
    • Name: A descriptive name for the IOC entry (e.g., "Phishing Server 01").
    • Enter the IP Address to be classified as an IOC.
    • Click "Save" to confirm the addition.

  • Edit an Existing IOC IP

    • Locate the IOC IP in the list.

    • Click on the "Edit" button next to the entry.

    • Modify the details as needed:

      • Update the Name.

      • Change the IOC IP address.

  • Import IOC IPs from a CSV File

    • Click on "Import CSV" to bulk upload IOC IPs.

    • Select a CSV file containing IOC IP addresses.

    • Ensure the file follows the correct format (IP Address, Name).

    • Click "Upload" and wait for the confirmation message.

  • Export IOC IPs for Documentation or Backup

    • Click on "Export CSV" to generate a list of IOC IPs.
    • Save the file for analysis or backup purposes.
  • Truncate the IOC List (Clear All Entries)

    • Click on "Truncate" to remove all IOC IPs from the list.
    • A warning message will appear—confirm the action only if necessary.
  • Block All IOC IPs

    • Click on "Block ALL" to restrict traffic from all listed IOC IPs.
    • The system will apply the changes immediately.

  • Block or Unblock Individual IOC IPs

    • Locate a specific IOC IP in the list.
    • Click "Block" to restrict its access.
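
Because "Block ALL" applies to every listed IOC IP immediately, it is worth checking a CSV file before using "Import CSV". The following pre-import check is an added example, not part of NETALERT; it flags malformed rows, duplicates, and internal addresses that would otherwise end up on the list. It assumes the file has no header row and uses the "IP Address, Name" column order given above; the function names and sample rows are constructed for illustration.

```python
import csv
import io
import ipaddress

# Ranges that normally belong to your own network, not to an external threat.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in the "IP Address, Name" layout (documentation ranges).
SAMPLE = "\n".join([
    "203.0.113.10,Phishing Server 01",
    "198.51.100.7,Malware Host 02",
    "10.0.0.5,Internal file server",
    "203.0.113.10,Phishing Server 01 copy",
    "not-an-ip,Typo row",
    "198.51.100.9",
])

def is_internal(ip):
    return (ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_unspecified or any(ip in net for net in RFC1918))

def lint_ioc_csv(text):
    """Return (clean_rows, problems); problems are (line_number, reason)."""
    clean, problems, seen = [], [], set()
    reader = csv.reader(io.StringIO(text))
    for row in reader:
        cells = [c.strip() for c in row]
        if not any(cells):
            continue  # blank line
        if len(cells) != 2 or not cells[1]:
            problems.append((reader.line_num, "need exactly: IP Address, Name"))
            continue
        try:
            ip = ipaddress.ip_address(cells[0])
        except ValueError:
            problems.append((reader.line_num, f"not an IP address: {cells[0]!r}"))
            continue
        if is_internal(ip):
            problems.append((reader.line_num, f"{ip} is an internal/reserved address"))
        elif ip in seen:
            problems.append((reader.line_num, f"duplicate of {ip}"))
        else:
            seen.add(ip)
            clean.append((str(ip), cells[1]))
    return clean, problems

if __name__ == "__main__":
    rows, issues = lint_ioc_csv(SAMPLE)
    print(f"{len(rows)} rows ready to import")
    for line, reason in issues:
        print(f"line {line}: {reason}")
```

Rows reported as problems should be corrected or dropped from the file before it is uploaded.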
