Initiate a Blocklist Remediation

You can add indicators of compromise (IOCs) to the Threat Command internal Remediation Blocklist. Users of Threat Command Automation can feed the blocklist to an internal security device.

To initiate a blocklist remediation:

  1. From the Alerts list, select an alert.
  2. From the Alert options section, click the IOCs icon.
    The IOCs panel is displayed. If the IOCs icon is not displayed, the selected alert is not a candidate for blocklist remediation.
  3. To add an IOC to the blocklist, point to it, and click the + sign.
    When an IOC has been added to the blocklist, a check is displayed.

For more information on feeding the blocklist to internal security devices, see Automate Internal Remediation.