Host isolation exceptions

Host isolation exceptionsedit

You can configure host isolation exceptions for specific IP addresses that isolated hosts are still allowed to communicate with, even when blocked from the rest of your network. Isolated hosts can still send data to Elasticsearch and Kibana, so you don’t need to set up host isolation exceptions for them.

Host isolation exceptions support IPv4 addresses, with optional classless inter-domain routing (CIDR) notation.

Each host isolation exception IP address should be a highly trusted and secure location since you’re allowing it to communicate with hosts that have been isolated to prevent a potential threat from spreading.

  1. Go to ManageHost isolation exceptions.
  2. Click Add Host isolation exception.
  3. Fill in these fields in the Add Host isolation exception flyout:

    1. Name your host isolation exceptions: Enter a name to identify the host isolation exception.
    2. Description: Enter a description to provide more information on the host isolation exception (optional).
    3. Enter IP Address: Enter the IP address for which you want to allow communication with an isolated host. This must be an IPv4 address, with optional CIDR notation (for example, 0.0.0.0 or 1.0.0.0/24, respectively).
  4. Click Add Host isolation exception.

View and manage host isolation exceptionsedit

The Host isolation exceptions list displays all the host isolation exceptions that have been configured for Elastic Security. To refine the Host isolation exceptions list, enter a query in the search bar. You can search by name, description, or IP address.

List of host isolation exceptions

Edit a host isolation exceptionedit

To edit a host isolation exception:

  1. Click the actions button (…​) for the exception you want to edit, then select Edit Exception.
  2. Modify details as needed.
  3. Click Edit Host isolation exception. The newly modified exception appears at the top of the list.

Delete a host isolation exceptionedit

To delete a host isolation exception:

  1. Click the actions button (…​) for the exception you want to delete, then select Delete Exception.
  2. On the dialog that opens, verify that you are removing the correct host isolation exception, then click Remove exception. A confirmation message is displayed.