The Add/Remove from List dialog allows you to add an entity or meta value to an existing list, remove it from a list, or create a new list. For example, when you look up an IP address and find it suspicious or interesting, you can add it to a relevant list that has been added as a data source. This improves the visibility of suspicious IP addresses. You can also add entities or meta values to different lists. For example, you can add them to one list for suspected domains related to command and control connections and to another list for IP addresses related to remote access Trojan connections. If a suitable list is not available, you can create one.
What do you want to do?
- Investigate the Incident
- Reviewing Alerts
- View Contextual Information (Incident Details view)
- View Contextual Information (Alert Details view)
| Number | Description |
|---|---|
| 1 | Entities or meta values to be added or removed. |
| 2 | Create a new list using the selected meta. |
| 3 | Select any of the tabs: All, Selected, or Unselected. |
| 4 | Search using the list name or description. |
| 5 | Cancel the action. |
| 6 | Save to update lists or create a new list. |
Add/Remove from List
To access the Add/Remove from List dialog, in the Incident Details view or the Alert Details view, hover over the underlined entity that you would like to add or remove from a Context Hub list. A context tooltip appears showing the available actions.
In the Actions section of the tooltip, click Add/Remove from List. The Add/Remove from List dialog shows the available lists.
The following table shows the options in the Add/Remove from List dialog.