Add To Blocklist Deep Visibility
Adds a SHA1 hash from Deep Visibility results to the Blocklist. Set the scope of the Blocklist: Global, Account, Site, or Group. Both the SHA1 and the agent ID are required (see Deep Visibility > Get Events). Your role must have permission to change the Blocklist (Admin, IR Team, or SOC), and your user scope access must include the scope of the agent.
Parameters
Parameter | Description |
---|---|
Agent ID | Agent that reported the DV event. |
Hash | Hash to add to restrictions. |
Target Scope | Scope to be used for restrictions. |
Example Output
{
  "errors": [
    {
      "type": "object"
    }
  ],
  "data": {
    "affected": "integer"
  }
}
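A pre-flight check for the three parameters and a reader for the output shape shown above, as an added example that is not part of the original page or the vendor's code. The dict keys returned by `build_params`, the sample values, and the rule that an empty `errors` list plus `affected` of at least 1 means success are assumptions.

```python
import json
import re

# Scopes the page lists for the Blocklist entry.
SCOPES = ("Global", "Account", "Site", "Group")
SHA1_RE = re.compile(r"[0-9a-fA-F]{40}")
# Other digest lengths commonly seen next to the SHA1 in event data.
OTHER_DIGESTS = {32: "MD5", 64: "SHA256"}


def build_params(agent_id, file_hash, target_scope):
    """Validate the three action parameters and return them normalized.

    The dict keys are hypothetical names chosen for this example.
    """
    problems = []
    agent_id = str(agent_id).strip()
    if not agent_id:
        problems.append("agent ID is required")
    file_hash = file_hash.strip()
    if not SHA1_RE.fullmatch(file_hash):
        hint = OTHER_DIGESTS.get(len(file_hash))
        problems.append("hash must be 40 hex characters (SHA1)"
                        + (f"; length matches {hint}" if hint else ""))
    scope = target_scope.strip().capitalize()
    if scope not in SCOPES:
        problems.append("target scope must be one of " + ", ".join(SCOPES))
    if problems:
        raise ValueError("; ".join(problems))
    return {"agent_id": agent_id, "hash": file_hash.lower(), "target_scope": scope}


def interpret_output(raw_json):
    """Return (ok, affected, errors) from the documented output shape."""
    body = json.loads(raw_json)
    errors = body.get("errors") or []
    affected = (body.get("data") or {}).get("affected", 0)
    # Assumption: no errors plus affected >= 1 means the entry was added.
    ok = not errors and isinstance(affected, int) and affected >= 1
    return ok, affected, errors


if __name__ == "__main__":
    # Constructed samples: SHA1 of the empty string and a made-up agent ID.
    print(build_params("1234567890", "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709", "site"))
    print(interpret_output('{"errors": [], "data": {"affected": 1}}'))
    print(interpret_output('{"errors": [{"detail": "constructed"}], "data": null}'))
```

Rejecting a non-SHA1 digest before the action runs avoids a failed call when an MD5 or SHA256 value from the same event is passed by mistake.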
Workflow Library Example
Add to Blocklist Deep Visibility with SentinelOne and Send Results Via Email