Create a blocklist to exclude entities from alerts
Supported in:
You can create a blocklist of items to prevent the system from grouping alerts by specific entities, or to exclude entities to display in the system.
Add a new blocklist item
To add a new blocklist item, follow these steps:
- Go to SOAR Settings > Environments > Blocklist.
- Click Add Blocklist.
- Enter the Entity Identifier.
- Select the Entity Type.
- Choose the appropriate Action:
- Do not group alerts: The entity won't be used to group alerts. Alerts containing this entity remain visible.
- Do not create entity: The system doesn't create or process this entity.
- Choose the relevant Environment.
- Click Add.
For more information about how how grouped alerts are managed, see Configure alert grouping.
Need more help? Get answers from Community members and Google SecOps professionals.