As part of my PCI DSS audits, I need to whitelist the scanning IP range. I see a mechanism to add them to trusted networks, but the auditing company says I should not blanket whitelist them and instead only whitelist them from IDS and other installed countermeasures. Is there a way to accomplish this within their recommendations? I could not find one in the individual modules or anywhere in the portals provided by my firewall.
Welcome to the community. I would try to help you, but can you please explain what you are doing?
Perhaps @bwdjames could help here.
Here is a link to another thread where the security of PCI DSS is discussed.