To create a custom list, complete the following:

  1. From the Cloud Services Portal, click Policies → Security Policies.
  2. On the Security Policies page, click the Custom Lists tab located above the top Action bar.
  3. On the Custom Lists page, click Create at the top Action bar.
  4. On the Create a Custom List page, complete the following:
    • Custom List Name: Enter a name for the custom list. Ensure that you use a unique name for each custom list.
    • Description: Enter a brief description of the custom list.
    • Threat Level: Select a Threat level from among the following options: Info, High, Medium, and Low. The default Threat insight value is High. For more information on creating a custom list with a customer-defined threat rating level, see Customer-Defined Threat Level and Confidence Score for Custom and Threat Insight Lists.
    • Threat Confidence: Select a Threat Confidence score from among the following options: High, Low, Medium. The default Threat insight value is Low. For more information on creating a custom list with a customer-defined threat confidence score, see Customer-Defined Threat Level and Confidence Score for Custom and Threat Insight Lists.
    • Domains/IP Addresses: Enter a fully qualified domain name (FQDN), a valid IPv4 address, IPv6 address, or a CIDR that you want to include in the custom list that you are creating. For example, you can include a CIDR using a /24 - /32 subnet mask. You can enter multiple domains or IP addresses by repeating the same steps. For each domain or IP address added to a custom list, a description for the domain or IP address can also be added to improve the investigative process. When finished, press any key on your keyboard to accept the entry. To remove a domain or IP from the list, check the box to the left of the entry and then click the Remove button.

      Note

      When configuring a subdomain prepended by an asterisk ( * ), the subdomain will be processed by the Cloud Services Portal in the same manner as when adding a subdomain without prepending it with an asterisk. The use of an asterisk when configuring a subdomain is still allowed in the Cloud Services Portal, but it will not be displayed within the Cloud Services Portal. For example, when adding the domain *.subdomain.maindomain.com to a custom list, it will be modified to subdomain.maindomain.com. When viewing *.subdomain.maindomain.com, you will not see the asterisk; the entry will be displayed as subdomain.maindomain.com.

      Note

      When you configure an IP address without using a mask, the IP address will automatically be updated using a /32 subnet mask.
  5. Click Save & Close to save the configuration. BloxOne Threat Defense Cloud adds the custom list.
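
The entry rules from step 4 and its notes (asterisk prefix dropped, an IP without a mask stored with /32, CIDR masks of /24 to /32) can be applied to a candidate list before it is entered in the portal, so that duplicates and rejected entries are found first. The following Python sketch is an added example, not Infoblox code; the function names, the hostname label check, treating /24 to /32 as a hard limit for IPv4 only, and leaving IPv6 entries unchanged are assumptions of this example.

```python
import ipaddress
import re

# Hostname label check: an assumption, the page does not give the portal's rules.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize_entry(raw):
    """Return (kind, value) in the stored form the page describes, or raise ValueError."""
    entry = raw.strip().lower().rstrip(".")
    if "/" in entry:
        # strict=True rejects a CIDR whose host bits are set (e.g. 192.0.2.5/24).
        net = ipaddress.ip_network(entry, strict=True)
        # Page example: /24 - /32. Assumption: applied to IPv4 only.
        if net.version == 4 and not 24 <= net.prefixlen <= 32:
            raise ValueError(f"{raw!r}: IPv4 mask outside /24-/32")
        return ("cidr", str(net))
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError:
        addr = None
    if addr is not None:
        if addr.version == 4:
            # Page: an IP address entered without a mask is updated to /32.
            return ("ipv4", f"{addr}/32")
        # Assumption: IPv6 is returned unchanged; the page gives no IPv6 mask.
        return ("ipv6", str(addr))
    # Page: "*.subdomain.maindomain.com" is stored as "subdomain.maindomain.com".
    if entry.startswith("*."):
        entry = entry[2:]
    labels = entry.split(".")
    if len(labels) < 2 or labels[-1].isdigit() or not all(_LABEL.match(l) for l in labels):
        raise ValueError(f"{raw!r}: not a valid FQDN, IP address or CIDR")
    return ("fqdn", entry)


def normalize_list(entries):
    """Normalize a batch; entries that collapse to the same stored value are kept once."""
    seen, kept, rejected = set(), [], []
    for raw in entries:
        try:
            kind, value = normalize_entry(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if value not in seen:
            seen.add(value)
            kept.append((kind, value))
    return kept, rejected
```

Because the asterisk form and the plain form collapse to one entry, and an IP without a mask matches its /32 CIDR, running a list through normalize_list shows which lines would end up as the same custom list entry.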


To view information on custom lists, see the following:


