Blumira Sensor Outbound Whitelisting and PCI Environment Handling

Google Cloud IPs and Google IPs must be whitelisted if performing IP-only whitelisting – last updated 2020-03-25.

Domains to Whitelist

Blumira leverages a number of Google Cloud Platform services to provide you with a scalable and efficient experience. Part of that is the utilization of broad domains that leverage private key authentication within the Google Cloud Platform. This means that if there’s an issue in one region, DNS can round robin to other available and routed IPs.

• mqtt.googleapis.com– HTTPS/443
  Your Sensor uses this to send telemetry up to Google and Blumira on it’s health and status.
• pubsub.googleapis.com – HTTPS/443
  Your Sensor encrypts and securely sends data up through this protocol using a private key created for your specific Sensor.
• storage.googleapis.com – HTTPS/443
  Your Sensor downloads Docker images from Google Storage that deploy new module functionality or gather your custom Docker Sensor image.
• gcr.io – HTTPS/443
  Your Sensor authenticates to the Google Container Repository using it’s private key to gather modules securely from storage.googleapis.com.

If you were able to whitelist the above URLs/FQDNs you’re all set! If you require IP-based whitelisting, please refer to the attachment which contains line-separated CIDRs that must be whitelisted. An IPv6 list is also provided for any IPv6 needs.

Blumira_Google_IPs_20200325_IPv4
100 KB Download

Blumira_Google_IPs_20200325_IPv6
2 KB Download