Which Whitelisted URLs are Required?

nagios
security
questions

(Matt) #1

Hello All,

I am new to PagerDuty and have a question on Whitelisting.

In the Whitelisting docs it says there are 3 sets of IPs that need to be Whitelisted. *i.e. Events, REST and Webhooks.

But, it doesn’t mention which of those URLs/IP lists are absolutley necessary for the Nagios/PagerDuty two-way integration. So, I was wondering which of those 3 are Required and which are Optional (*if any).?

I was confused as to if all three of those are actually needed…? The “Events” explanation makes sense, because it specifically says its for triggering, acknowledging, and resolving incidents, which I believe is for outbound connections from our Nagios server to the events.pagerduty.com URL. And Webhooks would be the opposite. But, I’m a little confused on the REST API and its purpose.

I’m not sure. But, it sounds like only Events (*Outbound from Nagios to PagerDuty) and Webhooks (*Inbound from PagerDuty to Nagios) are required?

Thanks in Advance,
Matt


(Joe Pettit) #2

Hey Matt,

Thanks for reaching out! The two-way integration for Nagios and PagerDuty does not make use of our REST API, but it does use events and webhooks. That said, you should be safe to only whitelist the IP addresses for events and webhooks.

I hope that helps! Please let me know if you have any further questions, thanks!

Warm Regards,

Joe


(Matt) #5

Sorry, I didn’t know I got any replies on this until just now when I got an email…

If the things for “Events” are for Outbound traffic, FROM my Nagios server --TO–> the PagerDuty servers, then wouldn’t it not be necessary to whitelist those IPs since it’s Outbound from my Network?

As I understand it now. The Webhooks are so PagerDuty can communicate directly wtih my Nagios server, *i.e. Inbound traffic to my Nagios server. ?

Wouldn’t it make sense that only Webhooks would need to be whitelisted?

Thanks,
Matt


(Joe Pettit) #6

Hey Matt,

Thanks for following up with us.

Your analysis is correct, webhooks are for us to communicate with your server/service while the Events API traffic is for outbound communication. Technically, webhooks should be all you would need, however this could vary depending on your exact firewall configuration.

If you are looking to minimize your surface area as much as possible I would start by whitelisting the webhook IP and then testing to confirm the two-way integration still works with your configuration. If not, whitelisting the Events endpoint would likely correct the issue.

I hope that answers your question - please let me know if you have any others!

Warm Regards,

Joe


(system) #7