Add To Block List - Blink Documentation

Add threats that have a SHA1 hash and that match the filter to the Blocklist of the target scope: Global, Account, Site, or Group. Your role must have permissions to change the Blocklist - Admin, IR Team, SOC - and your user scope access must include the Agent.

Parameters

Parameter	Description
Agents IDs	List of agents IDs to filter by.
Target Scope	Scope to be used for Restrictions.
Threats IDs	List of threats IDs to add to exclusions.

Example Output

{
	"errors": [
		{
			"type": "object"
		}
	],
	"data": {
		"affected": "integer",
		"details": [
			{
				"analystVerdict": "updated",
				"result": "created",
				"threatId": "225494730938493804"
			}
		]
	}
}

Workflow Library Example

Add to Block List with Sentinelone and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example