Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

HOWTO: Importing updated Microsoft 365 URLs to WebMarshal

Expand / Collapse


This article applies to:

  • WebMarshal
  • Microsoft 365 cloud services

Question:

  • How can I exclude Microsoft 365 services from WebMarshal filtering?
  • How can I block access to certain Microsoft 365 services with WebMarshal?

Background:

Microsoft maintains a web service that provides up to date lists of URLs used by Microsoft 365.

In WebMarshal 7.5.0 and above, WebMarshal can automatically retrieve these URLs for use in FileFilter and the Proxy Bypass functionality.

  • See the User Guide and Help

You can add these FileFilter category listings to WebMarshal Categories, to apply rules to the URLs or exclude them from rules.

You can choose to add the All URLs list to the Proxy Bypass feature in  WebMarshal Global Settings.

The FileFilter categories are:

  • Microsoft 365 All URLs: Includes all URLs in the below categories
  • Microsoft 365 Common: Includes URLs used by multiple Microsoft 365 services
  • Microsoft 365 Exchange: Includes URLs used by Microsoft 365 Exchange Online
  • Microsoft 365 Sharepoint: Includes URLs used by Microsoft 365 Sharepoint
  • Microsoft 365 Skype: Includes URLs used by Microsoft 365 Skype

For more information about the URLs and categories, see the Microsoft 365 IP web service page maintained by Microsoft.

For details of FileFilter usage see WebMarshal Help.

Procedure (earlier versions):

In earlier versions of WebMarshal, to retrieve and apply these lists with WebMarshal, you can use the attached Powershell script "MicrosoftRangesFileFilter.ps1"

This script saves the lists in files formatted for use with WebMarshal FileFilter (7.1 and above - earlier versions do not support wildcards in FileFilter).

  1. Download the attached zip archive. Extract the script and copy it to the WebMarshal Array Manager server.
    • If the Array Manager cannot be given Web access, use another computer that has access.
    • Powershell 5.0 or above is required. 
    • The attached file (updated in December 2021) explicitly sets the TLS version for the connection to TLS 1.2. 
    • The script is unsigned. You may need to use the set-executionpolicy cmdlet to allow the script to run. Carefully consider local security policy before making settings.
  2. Run the script with Powershell. 
  3. Save the output to the FileFilter source location (see below).
  4. Trustwave suggests that you run this script daily between 0100 and 0200 local time. (The FileFilter daily update to processing nodes occurs between 0200 and 0300).
  5. To specify the output location, use the -savePath parameter.
    • If this parameter is not provided, the files are saved in the folder where the script is run.
    • Note: Parameters that include spaces must be enclosed in single quotes.
    • For example:
      powershell .\MicrosoftRangesFileFilter.ps1 -savePath 'C:\Program Files\Trustwave\WebMarshal\ArrayManager\Policy\FilteringLists\FileFilter'
It is also possible to import the formatted files directly into WebMarshal categories in the WebMarshal Console. The import will return an error for the FileFilter header line, but all URLs will be imported.

Notes:

  • The functionality included in version 7.5.0 and above is supported software.
  • The Powershell script and documentation for earlier versions are not supported software.
    • These materials have been created by Trustwave to assist customers.
    • Customers should review the script and results carefully to determine applicability to their environment.

To contact Trustwave about this article or to request support:


Rate this Article:
     

Attachments


MicrosoftRangesFileFilter-tls12.zip MicrosoftRangesFileFilter-tls12.zip (955 bytes, 525 views)

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.