Add To Block List
Add threats that have a SHA1 hash and that match the filter to the Blocklist of the target scope: Global, Account, Site, or Group. Your role must have permissions to change the Blocklist - Admin, IR Team, SOC - and your user scope access must include the Agent.
Parameters
| Parameter | Description |
|---|---|
| Agents IDs | List of agents IDs to filter by. |
| Target Scope | Scope to be used for Restrictions. |
| Threats IDs | List of threats IDs to add to exclusions. |
Example Output
{
"errors": [
{
"type": "object"
}
],
"data": {
"affected": "integer",
"details": [
{
"analystVerdict": "updated",
"result": "created",
"threatId": "225494730938493804"
}
]
}
}
Workflow Library Example
Add to Block List with Sentinelone and Send Results Via Email
Preview this Workflow on desktop