This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Is it possible use wildcards for entity identifiers in the Blocklist?

Posted on 05-04-2023 07:01 AM
Michael_Schepp
New Member
Reply posted on --/--/---- --:-- AM

Hi all, anybody knows if it's possible to use wildcards for entity identifiers in the Blocklist ( https://siemplify.elevio.help/en/articles/493-create-block-list-to-exclude-entities-from-alerts )? Otherwise, is there any other way to block the creation of entities, especially legit URLs without specifying every single URL?

0 5 348
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

hey @Michael_Schepp ! This is not supported currently, but the team have a feature request to add it that they are evaluating

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

unfortunately i cant share any ETA on this

0 Likes

Posted on --/--/---- --:-- AM
Michael_Schepp
New Member
Reply posted on --/--/---- --:-- AM

Thanks for your feedback. I hope we don't have to wait that long, as it would make a lot of things easier when working with the SOAR. Do you might have an idea as an workaround? Is there a way to hook into the mapping process (maybe directly in python)?

0 Likes

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

im not sure, but if you dont want to have specific data in your alert and you have a custom connector, you should be able to filter that data on python level.

0 Likes

Posted on --/--/---- --:-- AM
Michael_Schepp
New Member
Reply posted on --/--/---- --:-- AM

Unfortunately we don't use Custom Connectors. Mainly the Splunk and Exchange ones.

0 Likes
Top Solution Authors
View all