Some use cases for Cirro Access Rules.

Restrict Access to Cirro

In this Use Case, you’ll allow a selected user to login to Cirro only between the hours of 8am and 6pm.

  • Click Secure Connect then Access Rules.

  • Click Before Connection

  • Name the rule.

  • Choose Allow, When, User, Is

  • Choose one or more usernames.

  • Click Add Condition.

  • Choose Time of Day, Is Between.

  • Enter the times in 24-hour format (e.g., 08:00 and 18:00).

  • Choose a triggered notification if you have one ready.

  • Click OK when you’re finished.

Reject Logins from outside your network IP address range

This use case outlines how to reject logins from outside your network IP address range.

This scenario will allow only a specific IP range to login to Cirro. IP addresses outside this range will be immediately rejected.

  • Click Secure Connect then Access Rules.

  • Click Before Connection

  • Name the rule.

  • Choose Allow, When, Client IP, IS.

  • Enter your IP address range, or the specific addresses on your network permitted to login.

  • Choose a Triggered Notification if you have one ready.

  • Click OK when you’re finished.

Allow external application connections

Here you’ll learn how to allow an external analytics application, such as Grow.com, to connect to Cirro.

Before you start, you’ll need a Cirro user, with access to the appropriate Datasources and the IP address of the application website. You can find this using a website IP address lookup online.

  • Click Secure Connect then Access Rules.

  • Click Before Connection

  • Name the rule and tick to enable.

  • Choose Allow, When, Client IP, Is.

  • Enter the analytics application IP address.

  • Click and add a new condition.

  • Choose Allow, When, User, Is.

  • Select the Cirro user.

  • Add a triggered alert if required.

  • Click OK when finished.

Log all unauthorized login attempts

You can set a rule to log all unauthorized login attempts, which can help determine any security issues. You’ll need to specify your own IP address range for this to work, or reject any users outside Cirro.

  • Click Secure Connect then Access Rules.

  • Click Before Connection

  • Name the rule.

  • If you want to reject any outside IP address login attempts:

    • Choose Deny, When, Client IP, Is Not.

    • Enter your IP address range, or the specific addresses on your network permitted to login.

  • If you want to reject any unauthorized users:

    • Choose Deny, When, User, Is Not

    • Click each Cirro user you want to ALLOW (therefore excluding anyone NOT on the list)

  • Choose a Triggered Notification if you have one ready.

  • Click OK when you’re finished.

Once saved, this rule will log all login attempts outside your network to the Connection Rule Log

Get a notification when a rule is triggered

You can set an alert action when any Alert Action is triggered, which will send an email or notification to any HTTP enabled service like Slack.

This Use Case assumes you’ve already created an Access Rule.

First, create the notification.

  • Click Secure Connect then Alert Actions

  • Click Create Rule Alert

  • Name the alert.

  • Choose Email.

  • Enter the message subject (e.g., Users have logged in.)

  • Enter the message body. You can just use text, or include tags:

Tag Description Example
  logged in user, related to the Access Rule MyCirroUser
  The target system, which may be the Cirro web interface or a database cirro
Mydatabase
  The IP address of the login attempt 192.168.1.1

For example:


Warning: {{username}} has attempted to connect to {{target}} from {{source}}

Will result in:


Warning: MyCirroUser has attempted to connect to cirro from 192.168.1.1

  • Click Ok when you’re finished.

Second, add the Alert Action to an Access Rule.

  • Click Secure Connect then Access Rules.

  • Click Edit on your access rule.

  • Tick to enable the Rule.

  • Select the Alert Action from the Triggered Alert field.

  • Click OK to save.