Creating Manual Domain Allow Lists
Navigate to Collect > Lists in the left-hand navigation menu to create a manual Domain list. Select the Create button in the top-right corner.
Allow List Details
Provide the following information (* indicates required field):
Field Name | Description |
Name* | Unique list name required |
Source* | Options include Manual or Plugin but in this example, select Manual. |
List Type* | Options include Allow, Block or Threat. Only Allow or Block Lists are available for Manual creation as manual Threat Lists (IP & Domain) are not supported at this time. |
Indicator* | Options include IP or Domain but in this example, select Domain |
Description | A brief summary of the list |
Select Next to proceed to the Add Entries step once all required fields are complete.
Add Allow List Entries
To add entries to the Allow List, enter the following (* indicates required field):
Field Name | Description |
Domain* | The Domain being allowed |
Expiration* | Options including keeping the default expiration to "Never" or providing an expiration date and time. |
Select the Add button to add the Domain to the Allow List. Follow the steps above to add additional Domains to the list. Select the Next button once all Domains are added.
Apply Allow List to Policies
Entries within a Domain list are not allowed until the List is applied to a Policy. To apply this new list to a policy, select the applicable policies. Select the Create List button to create the List once all desired selections are made.
Creating Manual Domain Block Lists
Navigate to Collect > Lists in the left-hand navigation menu to create a manual IP list. Select the Create button in the top-right corner.
Block List Details
Provide the following information (* indicates required field):
Field Name | Description |
Name* | Unique list name required |
Source* | Options include Manual or Plugin but in this example, select Manual. |
List Type* | Options include Allow, Block or Threat. Only Allow or Block Lists are available for Manual creation as manual Threat Lists (IP & Domain) are not supported at this time. |
Indicator* | Options include IP or Domain but in this example, select Domain |
Description | A brief summary of the list |
Select Next to proceed to the Add Entries step once all required fields are complete.
Add Block List Entries
To add entries to the Block List, enter the following (* indicates required field):
Field Name | Description |
Domain* | The Domain being allowed |
Expiration* | Options including keeping the default expiration to "Never" or providing an expiration date and time. |
Select the Add button to add the IP to the Block List. Follow the steps above to add additional IPs to the list. Select the Next button once all IPs are added.
Apply Block List to Policies
Entries within a Domain list are not allowed until the List is applied to a Policy. To apply this new list to a policy, select the applicable policies. Select the Create List button to create the List once all desired selections are made.
Utilizing Plugin for Domain Allow List Creation
Navigate to Collect > Lists in the left-hand navigation menu to utilize a plugin Domain list. Select the Create button in the top-right corner.
Allow List Details
Provide the following information (* indicates required field):
Field Name | Description |
Name* | Unique list name required |
Source* | Options include Manual or Plugin but in this example, select Plugin. |
List Type* | Options include Allow, Block or Threat. |
Indicator* | Options include IP or Domain but in this example, select Domain |
Description | A brief summary of the list |
Select Next to proceed to the Set Up External List step once all required fields are complete.
Add Allow Entries
Select the Plugin from the drop-down. Options for Allow List Plugins include:
Once Plugin requirements are complete, select Next to apply to policies.
Apply Allow List to Policies
Entries within a Domain list are not allowed until the List is applied to a Policy. To apply this new list to a policy, select the applicable policies. Select the Create List button to create the List once all desired selections are made.
Utilizing Plugin for Domain Block List Creation
Navigate to Collect > Lists in the left-hand navigation menu to utilize a plugin Domain list. Select the Create button in the top-right corner.
Block List Details
Provide the following information (* indicates required field):
Field Name | Description |
Name* | Unique list name required |
Source* | Options include Manual or Plugin but in this example, select Plugin. |
List Type* | Options include Allow, Block or Threat. |
Indicator* | Options include IP or Domain but in this example, select Domain |
Description | A brief summary of the list |
Select Next to proceed to the Set Up External List step once all required fields are complete.
Add Block Entries
Select the Plugin from the drop-down. Options for Block List Plugins include:
- AlienVault OTX
- Anomali
- Block Domain Basic HTTP
- Basic STIX/TAXII
- Block Domain CSV File Connector
- H-ISAC
- IntSights
- MS-ISAC
- Proofpoint
- Recorded Future
- Recorded Future Security Control
- ThreatConnect
- Block Domain ThreatSTOP
Once Plugin requirements are complete, select Next to apply to policies.
Apply Block List to Policies
Entries within a Domain list are not allowed until the List is applied to a Policy. To apply this new list to a policy, select the applicable policies. Select the Create List button to create the List once all desired selections are made.
Adding and Removing Manual List Entries
Adding Domain Entries
Select the applicable List tab (Allow or Block) to add entries to a Manual List. Find the list in the table and click on the list name.
Use the Search field to enter the Domain. If the entry does not already exist in the list, select the "+" button to add the IP(s). In the right-hand panel, enter the additional required data and click Add. Follow the steps above to add additional entries to the list.
Removing Domain Entries
Select the applicable List tab (Allow or Block) to remove entries to a Manual List. Find the list in the table and click on the list name.
Select the checkboxes next to the entries that should be removed. Select the Trash can button. The button will include a count of the selected entries if more than one entry was selected.
Select the Delete button on the confirmation modal. The entires are now deleted from the list and can't be retrieved.
Editing All List Components
A Manual Domain List can be edited including its details and entries. Select the applicable List tab (Allow or Block), find the list in the table and from the ellipsis menu, select Edit.
Certain fields like List Type, Source and Indicator can't be edited. Edit Entities gives you the ability to add or remove entities. Refer to Adding & Removing Manual List Entries section for guidance on how to amend existing list entries. If no other List edits are desired, select the Save button in the top right corner.
Deleting a List
Select Delete from the ellipsis menu of the table to delete a Domain List. Lists that are tagged as Public Access can't be deleted by end users.
Select Delete on the confirmation modal. The list is now deleted and can't be retrieved.
Comments
0 comments
Please sign in to leave a comment.