You can create a blocklist of items composed of entities that the system
does not group alerts by, or entities that shouldn't be displayed in the system.
Add a new blocklist item
Navigate to
SOAR Settings > Environments > Blocklist.
Click add on the top right of the
page.
Enter the Entity Identifier and select the Entity Type,
Action, and the Environment.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["Blocklists allow you to exclude specific entities from alert grouping and display within the Google SecOps system."],["You can add items to a blocklist by navigating to **SOAR Settings \u003e Environments \u003e Blocklist** and using the add feature."],["When adding a blocklist item, you must specify the **Entity Identifier**, **Entity Type**, **Action**, and **Environment**."],["More information on alert grouping can be found in the [Alert grouping mechanism](https://cloud.google.com/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanism-admin)."]]],[]]
