If you choose to limit network egress out of your environments, you may need to whitelist the Threat Stack Platform in your firewall configuration to enable the Agent to register and send data. Be aware that doing so can be dangerous for your service availability since the Threat Stack IP addresses can change at any time. This would only happen if we are actively remediating certain types of attacks against our infrastructure.
The addresses required for whitelisting network access include:
- 220.127.116.11 (443/tcp)
- 18.104.22.168 (443/tcp)
- 22.214.171.124 (443/tcp)
- 126.96.36.199 (443/tcp)
At no point does the Threat Stack Platform initiate a connection down to the Agent, so your firewall should continue to block inbound flows to your network while allowing outbound flows.
The Agent connects to the following domains:
- app.threatstack.com (443/tcp) - registration only
- cssensors.threatstack.com (443/tcp) - all post registration communication
Threat Stack does not support proxies at this time.
For more information on whitelisting webhooks, see the Configure Network Access for Webhooks article.
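
Because the listed addresses can change at any time, it is worth comparing what the two Agent domains currently resolve to against the addresses in your egress rules. The check below is an added example, not Threat Stack code; it assumes the Agent domains resolve to the addresses listed above, and `resolve_ipv4` and `find_drift` are hypothetical helper names.

```python
import ipaddress
import socket

# Allowlist and domains copied from this page (all 443/tcp).
ALLOWED_IPS = {"220.127.116.11", "18.104.22.168", "22.214.171.124", "126.96.36.199"}
AGENT_DOMAINS = ["app.threatstack.com", "cssensors.threatstack.com"]
PORT = 443


def resolve_ipv4(domain, port=PORT):
    """Live DNS lookup; returns the set of IPv4 addresses for a domain."""
    infos = socket.getaddrinfo(domain, port, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def find_drift(domains=AGENT_DOMAINS, allowed=ALLOWED_IPS, resolver=resolve_ipv4):
    """Map each domain to the resolved addresses the egress rules would drop.

    A domain that fails to resolve maps to None, so a DNS failure is not
    mistaken for a clean result. Domains fully covered are omitted.
    """
    allowed_addrs = {ipaddress.ip_address(a) for a in allowed}
    drift = {}
    for domain in domains:
        try:
            resolved = {ipaddress.ip_address(a) for a in resolver(domain)}
        except OSError:  # socket.gaierror is a subclass of OSError
            drift[domain] = None
            continue
        missing = resolved - allowed_addrs
        if missing:
            drift[domain] = sorted(str(a) for a in missing)
    return drift


if __name__ == "__main__":
    report = find_drift()
    for domain, addrs in report.items():
        if addrs is None:
            print(f"{domain}: resolution failed")
        else:
            print(f"{domain}: not allowlisted: {', '.join(addrs)}")
    if not report:
        print("All resolved addresses are covered by the allowlist.")
```

Run it on a schedule from a host that uses the same resolvers as the Agent, and alert on any non-empty result before the Agent loses connectivity.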