Create a blocklist to exclude entities from alerts

Supported in:

Google secops SOAR

You can create a blocklist of items to prevent the system from grouping alerts by specific entities, or to exclude entities to display in the system.

Add a new blocklist item

To add a new blocklist item, follow these steps:

Go to SOAR Settings > Environments > Blocklist.
Click Add Blocklist.
Enter the Entity Identifier.
Select the Entity Type.
Choose the appropriate Action:
- Do not group alerts: The entity won't be used to group alerts. Alerts containing this entity remain visible.
- Do not create entity: The system doesn't create or process this entity.
Choose the relevant Environment.
Click Add.

For more information about how how grouped alerts are managed, see Configure alert grouping.

Need more help? Get answers from Community members and Google SecOps professionals.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-10-21 UTC.