Add a custom list

Use a custom list to define known and suspected IPs and domains. You must be an ETP super administrator, delegated administrator, or a tenant administrator to perform this task.

How to

  1. In the Enterprise Center navigation menu, select Policies > Lists.
  2. Click the plus sign icon () and select New Custom List.
  3. Complete the Name and Description fields.
  4. Select a Category as follows:
    • Malware: Domains and IP addresses of known or suspected malicious malware.
    • Phishing: Domains and IP addresses of known or suspected phishing websites that gather user credential information.
    • C&C: Domains and IP addresses used by malicious command and control servers
    • DNS Exfiltration: Domains and IP addresses that serve as a communication channel over DNS. This channel may be used to steal sensitive data or circumvent traditional access restrictions by allowing malware to communicate outside the network.
    • Other: Domains or IP addresses that are not associated with a specific threat category.
  5. To add known or suspected domains and IP addresses:
    1. Go to the tab that corresponds to the domain or IP address you are providing. For example, if you want to enter a known domain, go to the Known Domains tab.
    2. In the provided field, enter the domain or IP address.
    3. Repeat these steps for all the known and suspected domains or IP addresses that you want to provide.
  6. If you want to use a text file to specify multiple domains or IPs, see Configure and upload a custom list text file.
  7. Click Save.

Next steps

  1. Assign the custom list to a policy. For instructions, see Add a Block list to a policy.
  2. Deploy custom list changes to the ETP network. For instructions, see Deploy configuration changes.