How to - Manage Allowlist Rules

Introduction

An Allowlist provides the option to explicitly allow some exceptions when dealing with alerts.

On some occasions, you might want to make an exception for a certain domain and/or alert violations, to temporarily not be taken into account when you check the compliance of ads or site pages within AdSecure. A good example of this would be when you are in the process of resolving a known threat or quality issue detected on a project that scans frequently. Applying an Allowlist Rule in such a case will allow you to save time to focus on new alert violations that may occur on the project, rather than having to repeatedly check alerts on the known issue you are in the process of resolving.

In this guide, we will further explain in detail how to:

  • Navigate to Allowlist Rules page
  • Create an Allowlist Rule
  • Delete an Allowlist Rule
  • Whitelist specific antivirus vendors from VirusTotal
  • The reporting of Allowlisted alerts

Navigate to Allowlist Rules section

You can navigate to the Allowlist Rules section via the navigation menu on the left side of the application.



Create an Allowlist Rule

To create a new Allowlist Rule, simply click on the "New Allowlist Rule" button at the top right corner of the screen.



A panel will slide-in from the right side of your screen.



Domain

  • Select 'All domains' or enter a specific domain.
  • When the option 'All domains' is selected, 1 or more Alert violations need to be selected from the drop-down list. When a specific domain is entered and no Alert violations are selected, the rule will apply to all Alert violations.
  • Choose the duration for which the rule will be active.

Scope

  • Select 'Project' or 'All analyses', to indicate whether the rule should apply only to analyses from a specific project, or to all the analyses. (Note: this means analyses from all sources, including API analyses).
  • When the option 'Project' is selected, you need to select a specific project.

Delete an Allowlist Rule

To delete an Allowlist Rule, click on the delete icon next to the rule.



Allowlist Rules can be deleted at any time in case they should no longer be applied.

Note: Allowlist Rules can't be edited. You can delete a rule and create a new rule is desired.

Whitelist specific antivirus vendors from VirusTotal

When you find yourself lacking trust in any of the antivirus vendors listed on VirusTotal, it's worth considering the option to add them to your Allowlist Rule. By doing so, you can prevent unnecessary alerts and notifications.

Screenshot 2023-08-22 at 10 42 18

Reporting of Allowlisted alerts

Allowlisted alerts will still be reported by AdSecure. However, they will not look or act like a normal detection on an alert.

Allowlisted alerts will be displayed in a lighter shade and contain a strikethrough, to indicate that the alert is treated like an allowed exception. Allowlisted alerts will be visible in AdSecure reports and in the Analyses listing within the Analyses section of the AdSecure application.

Look of allowlisted alerts:



When you activated external notifications on alerts (like an email or an HTTP callback), allowlisted alerts won't trigger any notifications as long as the allowlisted rule is active.

How to - Manage Alert RulesHow to - Manage Notifications