Announcements
The Google Cloud Security Community is upgrading platforms!

Read more and check out our FAQ

Is it possible use wildcards for entity identifiers in the Blocklist?

Hi all, anybody knows if it's possible to use wildcards for entity identifiers in the Blocklist ( https://siemplify.elevio.help/en/articles/493-create-block-list-to-exclude-entities-from-alerts )? Otherwise, is there any other way to block the creation of entities, especially legit URLs without specifying every single URL?

0 5 395
5 REPLIES 5

hey @Michael_Schepp ! This is not supported currently, but the team have a feature request to add it that they are evaluating

unfortunately i cant share any ETA on this

Thanks for your feedback. I hope we don't have to wait that long, as it would make a lot of things easier when working with the SOAR. Do you might have an idea as an workaround? Is there a way to hook into the mapping process (maybe directly in python)?

im not sure, but if you dont want to have specific data in your alert and you have a custom connector, you should be able to filter that data on python level.

Unfortunately we don't use Custom Connectors. Mainly the Splunk and Exchange ones.