Defining Security Control Lists

  • Release version: Zurich
  • Updated July 31, 2025
  • 1 minute to read

    • Use this feature to add or remove observables in bulk.

    Before you begin

    Role required: sn_sec_tisc.admin

    Procedure

    1. Navigate to Workspaces > Threat Intelligence Security Center > Administration.
    2. Go to Security Control Lists.
      For example, adding observables to allow list then go to Allow list option.
    3. Select Allow List.
    4. Select the Observables type such as IP Address, File and so on to add to the allow list.
    5. Click Add.
      The Select Observables For Allow list is displayed.
    6. Select all those observables that are required to be added to the allow list.
    7. Click Add to Allow List.
      The selected observables are added.
    8. Similarly, select Add to Deny list to add the observables to the removed list.
    9. Select Add to Watch list to add the observables to the watch list.
      Note:
      You can directly add the observables to allow list, deny list, or watch list directly from the Observables form view page, which are available above the form banner.
    10. To verify, navigate to Threat Intel Library.
    11. Select the observable type that was added to the allow list.
      The observable is indicated as added to allow list.
      Note:
      Allow list and deny list are mutually exclusive and the system will automatically ensure that an observable in allow list is not part of deny list and vice-versa.