Initiate a Blocklist Remediation
You can add indicators of compromise (IOCs) to the Threat Command internal Remediation Blocklist. Users of Threat Command Automation can feed the blocklist to an internal security device.
Initiate a blocklist remediation
Steps required to initiate a blocklist remediation.
To initiate a blocklist remediation:
- From the Alerts list, select an alert.
- From the Alert options section, click .
If the IOCs icon is not displayed, the selected alert is not a candidate for blocklist remediation. The IOCs panel is displayed.
- To add an IOC to the blocklist, point to it, and click the + sign.
When an IOC has been added to the blocklist, a check is displayed.
For more information on feeding the blocklist to internal security devices, see Automate Internal Remediation.