You can create a blocklist of items composed of entities that the system
does not group alerts by, or entities that shouldn't be displayed in the system.
Add a new blocklist item
Navigate to
SOAR Settings > Environments > Blocklist.
Click add on the top right of the
page.
Enter the Entity Identifier and select the Entity Type,
Action, and the Environment.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eBlocklists allow you to exclude specific entities from alert grouping and display within the Google SecOps system.\u003c/p\u003e\n"],["\u003cp\u003eYou can add items to a blocklist by navigating to \u003cstrong\u003eSOAR Settings > Environments > Blocklist\u003c/strong\u003e and using the add feature.\u003c/p\u003e\n"],["\u003cp\u003eWhen adding a blocklist item, you must specify the \u003cstrong\u003eEntity Identifier\u003c/strong\u003e, \u003cstrong\u003eEntity Type\u003c/strong\u003e, \u003cstrong\u003eAction\u003c/strong\u003e, and \u003cstrong\u003eEnvironment\u003c/strong\u003e.\u003c/p\u003e\n"],["\u003cp\u003eMore information on alert grouping can be found in the \u003ca href=\"https://cloud.google.com/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanism-admin\"\u003eAlert grouping mechanism\u003c/a\u003e.\u003c/p\u003e\n"]]],[],null,["# Create blocklist to exclude entities from alerts\n================================================\n\nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nYou can create a blocklist of items composed of entities that the system\ndoes not group alerts by, or entities that shouldn't be displayed in the system.\n\nAdd a new blocklist item\n------------------------\n\n1. Navigate to **SOAR Settings \\\u003e Environments \\\u003e Blocklist**.\n2. Click add on the top right of the page.\n3. Enter the **Entity Identifier** and select the **Entity Type** , **Action** , and the **Environment**.\n4. Click **Add**.\n\nFor more information about how how grouped alerts are managed, see\n[Alert grouping mechanism](/chronicle/docs/soar/investigate/working-with-alerts/alert-grouping-mechanism-admin).\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
