Create a blocklist to exclude entities from alerts

You can create a blocklist to prevent the system from grouping alerts by specific entities, or to exclude entities from being displayed in the system.

Add a new blocklist item

To add a new blocklist item, follow these steps:

  1. Go to SOAR Settings > Environments > Blocklist.
  2. Click Add Blocklist.
  3. Enter the Entity Identifier.
  4. Select the Entity Type.
  5. Choose the appropriate Action:
    • Do not group alerts: The entity won't be used to group alerts. Alerts containing this entity remain visible.
    • Do not create entity: The system doesn't create or process this entity.
  6. Choose the relevant Environment.
  7. Click Add.

For more information about how grouped alerts are managed, see Configure alert grouping.