Do you recommend us allowlisting your source IP addresses?

ANSWER Yes.

There are many different sides of this question, but ultimately we believe the best value in getting a comprehensive security assessment performed is allowlisting our IP addresses. The reason is because, when being blocked, the platform is unable to continue and ultimately may not return anything of value.

The other argument is that, by allowlisting, it may not necessarily demonstrate the full potential of the security controls in place. We understand this as well and would, perhaps, recommend performing an assessment against a small range of IP addresses first, followed by the remaining IP addresses, to understand where the security controls fall short.

At some point in the future, we plan to implement an advanced scheduler which will allow you to perform a simulated attack before conducting a full penetration test. This will allow you to test your security controls without necessarily having to perform a full blown assessment.

QUESTION What is the public IP address that needs to be allowlisted?

ANSWER Please refer to the following article for a list of public IP addresses vPenTest uses during testing: What are the public IPs used by vPenTest?

QUESTION Can we allowlist you after a first scan?

ANSWER Our partners with the continuous model can enjoy performing multiple scans at any time they wish.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!