Asset Blacklists and Whitelists
JSA uses a group of asset reconciliation rules to determine if asset data is trustworthy. When asset data is questionable, JSA uses asset blacklists and whitelists to determine whether to update the asset profiles with the asset data.
An asset blacklist is a collection of data that JSA considers untrustworthy. Data in the asset blacklist is likely to contribute to asset growth deviations and JSA prevents the data from being added to the asset database.
An asset whitelist is a collection of asset data that overrides the asset reconciliation engine logic about which data is added to an asset blacklist. When the system identifies a blacklist match, it checks the whitelist to see whether the value exists. If the asset update matches data that is on the whitelist, the change is reconciled and the asset is updated. Whitelisted asset data is applied globally for all domains.
Your JSA administrator can modify the asset blacklist and whitelist data to prevent future asset growth deviations.
Asset Blocklists
An asset blocklist is a collection of data that JSA considers untrustworthy based on the asset reconciliation exclusion rules. Data in the asset blocklist is likely to contribute to asset growth deviations and JSA prevents the data from being added to the asset database.
Every asset update in JSA is compared to the asset blocklists. Blocklisted asset data is applied globally for all domains. If the asset update contains identity information (MAC address, NetBIOS host name, DNS host name, or IP address) that is found on a blocklist, the incoming update is discarded and the asset database is not updated.
The following table shows the reference collection name and type for each type of identity asset data.
Type of identity data | Reference collection name | Reference collection type |
---|---|---|
IP addresses (v4) | Asset Reconciliation IPv4 Blacklist | Reference Set [Set Type: IP] |
DNS host names | Asset Reconciliation DNS Blacklist | Reference Set [Set Type: ALNIC*] |
NetBIOS host names | Asset Reconciliation NetBIOS Blacklist | Reference Set [Set Type: ALNIC*] |
MAC Addresses | Asset Reconciliation MAC Blacklist | Reference Set [Set Type: ALNIC*] |
* ALNIC is an alphanumeric type that can accommodate both host name and MAC address values.
Your JSA administrator can modify the blocklist entries to ensure that new asset data is handled correctly.
Asset Allowlists
You can use asset allowlists to keep JSA asset data from inadvertently reappearing in the asset blacklists.
An asset allowlist is a collection of asset data that overrides the asset reconciliation engine logic about which data is added to an asset blacklist. When the system identifies a blacklist match, it checks the allowlist to see whether the value exists. If the asset update matches data that is on the allowlist, the change is reconciled and the asset is updated. Allowlisted asset data is applied globally for all domains.
You can use the Reference Set Management tool to edit the allowlist entries.
Your JSA administrator can modify the allowlist entries to ensure that new asset data is handled correctly.
Example Of an Allowlist Use Case
The allowlist is helpful if you have asset data that continues to show up in the blacklists when it is a valid asset update. For example, you might have a round robin DNS load balancer that is configured to rotate across a set of five IP addresses. The Asset Reconciliation Exclusion rules might determine that the multiple IP addresses associated with the same DNS host name are indicative of an asset growth deviation, and the system might add the DNS load balancer to the blacklist. To resolve this problem, you can add the DNS host name to the Asset Reconciliation DNS Whitelist.
Mass Entries to the Asset Allowlist
An accurate asset database makes it easier to connect offenses that are triggered in your system to physical or virtual assets in your network. Ignoring asset deviations by adding mass entries to the asset allowlist is not helpful in building an accurate asset database. Instead of adding mass allowlist entries, review the asset blacklist to determine what is contributing to the deviating asset growth and then determine how to fix it.
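The check described in the sections above, applied to the round robin DNS use case, as an added Python sketch that is not JSA code. The reference set names come from the tables on this page; the set contents, host names, and the function names `evaluate_update` and `active_overrides` are constructed for illustration, and the per-value allowlist lookup and case-insensitive comparison are assumptions.

```python
# Added illustration: a simplified model, not JSA's reconciliation engine.
# Reference set names are from the tables on this page; contents are constructed.
TYPES = {"ip": "IPv4", "dns": "DNS", "netbios": "NetBIOS", "mac": "MAC"}

def set_name(kind, list_type):
    return f"Asset Reconciliation {TYPES[kind]} {list_type}"

def norm(value):
    # Assumption: values are compared case-insensitively.
    return value.strip().lower()

def evaluate_update(update, sets):
    """Return ("discard" | "reconcile", details) for one asset update.

    Assumption: the allowlist is consulted per value, in the set of the
    same identity type as the blocklist that matched.
    """
    details = []
    for kind, value in update.items():
        v = norm(value)
        if v not in sets.get(set_name(kind, "Blacklist"), set()):
            continue  # value is not blocklisted, nothing to override
        if v in sets.get(set_name(kind, "Whitelist"), set()):
            details.append((kind, value, "blocklisted, allowlist override"))
        else:
            details.append((kind, value, "blocklisted"))
    blocked = any(d[2] == "blocklisted" for d in details)
    return ("discard" if blocked else "reconcile"), details

def active_overrides(sets):
    """Allowlist values that currently override a blocklist entry, per type."""
    return {kind: sorted(sets.get(set_name(kind, "Whitelist"), set())
                         & sets.get(set_name(kind, "Blacklist"), set()))
            for kind in TYPES}

# Constructed sample data: the load balancer host name is on both lists.
SETS = {
    "Asset Reconciliation DNS Blacklist": {"lb.example.test", "kiosk.example.test"},
    "Asset Reconciliation DNS Whitelist": {"lb.example.test"},
    "Asset Reconciliation MAC Blacklist": {"00:00:00:00:00:00"},
}

if __name__ == "__main__":
    for upd in ({"dns": "LB.example.test", "ip": "192.0.2.11"},
                {"dns": "kiosk.example.test", "ip": "192.0.2.50"},
                {"mac": "00:00:00:00:00:00", "ip": "192.0.2.60"}):
        print(upd, "->", evaluate_update(upd, SETS))
    print("active overrides:", active_overrides(SETS))
```

A short `active_overrides` result is what a targeted allowlist looks like; a long one is the mass-entry pattern this section advises against.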
Types Of Asset Allowlists
Each type of identity data is kept in a separate allowlist. The following table shows the reference collection name and type for each type of identity asset data.
Type of data | Reference collection name | Reference collection type |
---|---|---|
IP addresses | Asset Reconciliation IPv4 Whitelist | Reference Set [Set Type: IP] |
DNS host names | Asset Reconciliation DNS Whitelist | Reference Set [Set Type: ALNIC*] |
NetBIOS host names | Asset Reconciliation NetBIOS Whitelist | Reference Set [Set Type: ALNIC*] |
MAC addresses | Asset Reconciliation MAC Whitelist | Reference Set [Set Type: ALNIC*] |
* ALNIC is an alphanumeric type that can accommodate host name and MAC address values.