Hi all, anybody knows if it's possible to use wildcards for entity identifiers in the Blocklist ( https://siemplify.elevio.help/en/articles/493-create-block-list-to-exclude-entities-from-alerts )? Otherwise, is there any other way to block the creation of entities, especially legit URLs without specifying every single URL?
hey @Michael_Schepp ! This is not supported currently, but the team have a feature request to add it that they are evaluating
unfortunately i cant share any ETA on this
Thanks for your feedback. I hope we don't have to wait that long, as it would make a lot of things easier when working with the SOAR. Do you might have an idea as an workaround? Is there a way to hook into the mapping process (maybe directly in python)?
im not sure, but if you dont want to have specific data in your alert and you have a custom connector, you should be able to filter that data on python level.
Unfortunately we don't use Custom Connectors. Mainly the Splunk and Exchange ones.