fbpx
Back Arrow Back to All Integrations

Blumira Sensor Outbound Allowlist

Allowlisting outbound traffic for Blumira sensors

Click here for the most updated version of this documentation.

Blumira leverages a number of Google Cloud Platform services to provide you with a scalable and efficient experience. If you require strict outbound traffic filtering (e.g., for PCI compliance), then you must allowlist traffic to a specific subset of Google assets on the internet. We strongly recommend using URL/FQDN filtering where possible. However, if you cannot allow this for your organization, then you must add all Google Cloud IPs and Google IPs to an allowlist. This article explains how to do both.

 

Sign Up For Your Free Account Today

Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required

 

Free Trial

Allowlisting outbound traffic for Blumira sensors

Google Cloud IPs and Google IPs must be added to an allowlist if performing IP-only allowlisting

Allowlisting by URLs/FQDNs

Blumira uses broad domains that leverage private key authentication within the Google Cloud Platform. This means that if there is an issue in one region then DNS can shift to other available and routed IPs. The following are the URLs/FQDNs to allowlist:

  • mqtt.googleapis.com– HTTPS/443
    To send telemetry up to Google and Blumira on its health and status.
  • pubsub.googleapis.com – HTTPS/443
    To securely send data up through this protocol using a private key created for your specific sensor.
  • storage.googleapis.com – HTTPS/443
    To download Docker images from Google Storage that deploy new module functionality or gather your custom Docker sensor image.
  • gcr.io – HTTPS/443
    To authenticate to the Google Container Repository using its private key to gather modules securely from storage.googleapis.com.

Allowlisting by IP address

If you cannot allowlist by URL/FQDN, then you must allowlist the IP addresses in the files in the following links: