Permissions and access

Reading time: 0 minute(s) (0 words)

This page lists integrations that require additional permissions to set up an agent or direct connection with Nobl9 or to configure alerts.

To ensure the security of your network, it may be necessary to list Nobl9 IP addresses as trusted. So data between Nobl9 and a system you integrate with can reach its intended destination without being blocked.

💻ip allowlist

IP addresses to include in your allowlist for secure access:

If you're using app.nobl9.com instance:

• 18.159.114.21
• 18.158.132.186
• 3.64.154.26

If you're using us1.nobl9.com instance:

• 34.121.54.120
• 34.123.193.191
• 34.134.71.10
• 35.192.105.150
• 35.225.248.37
• 35.226.78.175
• 104.198.44.161

Data source

Amazon Redshift

• To configure an agent or direct connection to Amazon Redshift, you must provide an AWS Secret ARN that is tagged with the RedshiftDataFullAccess permission.
  

Read more about the Amazon Redshift data source.

AppDynamics

• The Nobl9 agent must have firewall access to http://<controller_host>:<controller_port>/controller/rest/<REST_URI>.
• To connect to AppDynamics, the AppDynamics API client needs at least the Applications and Dashboards Viewer permissions.
  Read more about the AppDynamics data source.

Azure Monitor

• The Microsoft.Resources/subscriptions/resourceGroups/read permission for your Azure Monitor application.
• The Monitoring Reader role for the Azure resources you want to read metrics from.
• Log Analytics API permission to use Azure Monitor Logs.

Nobl9 recommendation

Grant the Monitoring Reader role on the subscription or resource group level rather than a specific resource. A broader scope provides a more comprehensive choice of subscriptions, resource groups, resources, and metrics in the Nobl9 platform.

Read more about the Azure Monitor data source.

BigQuery

• A Nobl9 agent connection requires the following minimal set of permissions:
  • bigquery.datasets.get
  • bigquery.jobs.create
  • bigquery.jobs.list
  • bigquery.models.getData
  • bigquery.models.getMetadata
  • bigquery.tables.getData

Read more about the BigQuery data source.

Datadog

To connect to Datadog, the Nobl9 agent scrapes the /api/v1/query endpoint that requires timeseries_query authorization scope. Make sure your account has this scope before you connect to Datadog.
Read more about the Datadog data source.

Dynatrace

• To connect the Nobl9 agent to Dynatrace, you need an access token with metrics.read scope activated.
  Read more about the Dynatrace data source.

Google Cloud Monitoring

• To configure an agent or direct connection to Google Cloud Monitoring, the user account must have access to one of the following OAuth scopes:

  • https://www.googleapis.com/auth/cloud-platform
  • https://www.googleapis.com/auth/monitoring
  • https://www.googleapis.com/auth/monitoring.read

Read more about the Google Cloud Monitoring data source.

Splunk

• Nobl9 agent and direct connections to Splunk require a url that must point to the base API URL of the Splunk Search app. To access your Splunk Cloud Platform deployment using the Splunk REST API, you must submit a case requesting access via the Splunk direct Portal. Specifically, you should ask Splunk direct to open port 8089 for REST access.
  Read more about the Splunk data source.

note

Splunk integration requires search capability and access to the index to allow the Nobl9 agent to scrape the metrics.

Alternatively, you can also use a wildcard:

Alert methods

Jira

• To configure an alert, the user must have access and permission to create an issue in a project in Jira.
  Read more about the Jira alert method.

ServiceNow

• To allow ServiceNow alerts to integrate with Nobl9, you need to set up an Access Control List (ACL) for your ServiceNow users. To create a new ACL, you must have the security_admin permission assigned.
  Read more about the ServiceNow alert method.