While you can certainly reduce the address range to whatever suits your network admin, we cannot guarantee proper functionality of our agents in that case. The reason we have such a wide range allowed is that our service provider for Distributed Denial of Service attack mitigation uses that as their netblock, and their algorithm for mitigating attacks requires a sizable range of IP addresses as some mitigation is DNS based and might be updated frequently during an attack. Yes, that netblock is shared with other customers of that provider, but as you can tell your network administrator, we never initiate contact from our networks (except for synthetics and availability monitoring) - so you need only whitelist the blocks for outgoing, not incoming traffic. If someone can convince our agents on your network to talk to “their” host within the shared netblock - your DNS or network has been compromised.
Do we use that range every day, week, or month? No. At present, the smallest netblock listed - 188.8.131.52/24 - is sufficient. But the other netblocks are for futureproofing in case we a) need more space (we have a lot of data coming into that /24), b) we get attacked, or c) we need to grow - we promise not to change things from the 4 blocks listed in a shorter timeframe than 3 months.
While you can choose to whitelist only that small netblock, when you write in about your agents not reporting in case of a network change, we will help you troubleshoot it, but we won’t be able to back-populate lost data. It is not a best practice not to include all the networks listed.