Use a custom list to define known and suspected IPs and domains. You must be an ETP super administrator, delegated administrator, or a tenant administrator to perform this task.
In the navigation menu, select
. Note: If you are trying the new Enterprise Center interface, in the navigation menu, select .
- Click the plus sign icon and select New Custom List.
- Complete the Name and Description fields.
Select a Category:
- Malware: Domains and IP addresses of known or suspected malware.
- Phishing: Domains and IP addresses of known or suspected phishing websites that gather user credential information.
- C&C: Domains and IP addresses used by malicious command and control servers.
- DNS Exfiltration: Domains and IP addresses that serve as a communication channel over DNS. This channel may be used to steal sensitive data or circumvent traditional access restrictions by allowing malware to communicate outside the network.
- Other: Domains or IP addresses that are not associated with a specific threat category.
To add known or suspected domains and IP
- Go to the tab that corresponds to the domain or IP address you are providing. For example, if you want to enter a known domain, go to the Known Domains tab.
- In the provided field, enter the domain or IP address.
- Repeat these steps for all the known and suspected domains or IP addresses that you want to provide.
- If you want to use a text file to specify multiple domains or IPs, see Configure and upload a custom list text file.
- Click Save.
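Before entering values, it helps to clean a raw indicator feed and split it by confidence and type so that each entry goes to the matching tab. The following Python sketch is an added example, not Akamai code: the function names, the `(confidence, kind)` bucket keys, and the rule for duplicates are assumptions of this example, and the sample indicators are constructed from reserved documentation ranges.

```python
import ipaddress
import re

_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def normalize(raw):
    """Undo common defanging and reduce a URL-like string to its host."""
    s = raw.strip().lower().replace("[.]", ".")
    s = re.sub(r"^[a-z][a-z0-9+.-]*://", "", s)   # drop scheme (http, hxxp, ...)
    s = s.split("/", 1)[0]                         # drop path
    if s.count(":") == 1:                          # host:port, not IPv6
        s = s.split(":", 1)[0]
    return s.rstrip(".")

def classify(value):
    """Return 'ip', 'domain', or None for a normalized indicator."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        labels = value.split(".")
    ok = len(labels) >= 2 and all(_LABEL.match(lab) for lab in labels)
    # An all-numeric last label means a malformed IPv4 address, not a domain.
    return "domain" if ok and not labels[-1].isdigit() else None

def sort_for_tabs(entries):
    """Group (indicator, confidence) pairs into known/suspected x domain/ip."""
    best, rejected = {}, []
    for raw, confidence in entries:
        value = normalize(raw)
        kind = classify(value)
        if kind is None or confidence not in ("known", "suspected"):
            rejected.append(raw)
            continue
        # Assumption: an indicator reported at both levels is filed as known.
        if best.get((kind, value)) != "known":
            best[(kind, value)] = confidence
    tabs = {(c, k): [] for c in ("known", "suspected") for k in ("domain", "ip")}
    for (kind, value), confidence in best.items():
        tabs[(confidence, kind)].append(value)
    return tabs, rejected

# Constructed sample input (reserved documentation names and addresses).
SAMPLE = [
    ("hxxp://bad[.]example[.]com/login", "known"),
    ("203.0.113.7:8080", "suspected"),
    ("BAD.example.com.", "suspected"),
    ("2001:db8::1", "known"),
    ("999.1.1.1", "known"),
]
```

Calling `sort_for_tabs(SAMPLE)` returns the four buckets plus a list of rejected raw entries to review by hand before anything is saved to the list.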