It should be noted that the 'Testing Infrastructure' functionality within your watchTowr Platform tenant (Platform > Testing Infrastructure) should be considered authoritative for the information contained below.
During the subscription period, in-scope entities and systems are expected to receive network traffic from the watchTowr Platform, and artefacts of watchTowr's testing mechanisms may exist within logs.
While we don't require whitelisting within WAFs, IDSs, IPSs and firewalls - please ensure that watchTowr Platform activity and infrastructure is communicated to necessary stakeholders (including SOC, MSSP, in-scope subsidiaries and any relevant third parties).
However, it is recommended that watchTowr source IP addresses are whitelisted and filtered in network defense devices and monitoring systems to ensure that;
Security testing probes are not blocked, and
watchTowr activity does not cause false-alarms or alerts inside SOCs, MSSPs, etc, and
All alerts and activities can be attributed to authorized activity.
The watchTowr Platform will leverage the following hostnames and IP ranges for network activities.
Global Indicators (likely to be present in logs)
*.dns.outbound.watchtowr.com
wtwr.to
Singapore Tenant Specific Infrastructure
18.143.202.0/24
18.142.102.154 - Used for WAF and whitelisting checks from Singapore (do not whitelist)
52.220.114.68 - Used for WAF and whitelisting checks from Singapore (do not whitelist)
54.255.89.164 - Used for WAF and whitelisting checks from Singapore (do not whitelist)
Australia Tenant Specific Infrastructure
13.107.82.128/25
3.107.66.224/28
3.105.138.238 - Used for WAF and whitelisting checks from Australia (do not whitelist)
52.64.196.1 - Used for WAF and whitelisting checks from Australia (do not whitelist)
52.63.5.140 - Used for WAF and whitelisting checks from Australia (do not whitelist)