When partners work with third-party vendors for IR, Forensics, etc., sometimes those teams need to use additional tooling that is difficult to do when a host is isolated.

The partner in this example has a team needing to use CrowdStrike and the allowlist the app says it needs is by URL only and there are about 30 of them. They would like the option to add the URLs or select specific tools instead of having to lookup each IP tied to the URL, add IP, rinse, repeat, etc.