Guide
TrainingSupportCommunity

Manage a list

Suggest Edits

Complete these tasks to manage or modify a list.

📘

You need to be an ​SIA​ administrator to perform many of the tasks in this topic.

Specify URLs in lists

When specifying URLs in lists, note these conditions:

  • Omit the protocol (for example, HTTP://) and port number.

  • Entering a domain name covers all sub-domains.

  • Wildcards are not supported, but are assumed at both ends of the URL. For example, example.com is equivalent to entering .example.com/.

  • Query parameters are supported, but require exact matching. Use query parameters only if you want to specify a single specific URL (see Example URLs).

  • Control Center normalizes URLs like this:

    • Only the host, path, and query elements are retained. Remaining elements are discarded.

    • All characters are converted to lowercase.

    • IPv4/IPv6 host canonicalization.

    • Path canonicalization.

  • You may specify a maximum of 20 sub-domains.

  • The same URL can be specified in a maximum of 8 different lists.

Example URLs:

EntryDescription
example.comIncludes the example domain and all subdomains, including:


  • example.com/a
  • example.com/a/b/c
  • example.com/a?x=123
marketing.example.comSpecifies the marketing subdomain in example.com.
example.com/path/Includes all URLs under /path.
.a.com/a?y=1When including query parameters, only exact matches are supported.

This entry does not match these parameters:


  • www.a.com/a?y=1;x=2
  • www.a.com/b?y=1

Download a CSV with list entries

You can download a CSV file that contains list entries in an exception or block list.

The CSV file organizes list information into these data columns:

  • Type. The type of data that is shown. Depending on the list, domain, IP address, or file hash are possible types.
  • Value. The value in the list entry. For example, this can be the domain, IP address, URL, or hash value in a list.
  • Confidence. The confidence level for the item in the list. For example, this area indicates if it’s a known or suspected threat.

To download a CSV with list entries:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the edit icon for the list.

  3. Click the download icon that appears at the top of the page. A CSV file is downloaded to your device.

Use CSV files to add list entries

You can add list entries with a CSV file. To expedite the list creation process, download a CSV template file in Enterprise Center, update the file with list entries, and then upload it. Each list section provides a specific CSV template file that you can download for this purpose.

To use CSV files to add list entries:

  1. Download the template file for a specific list type. For instructions, see Download a list template file.

  2. Modify the template so that it specifies the data you want to add to the list.

  3. Upload the CSV file so that data is added in bulk. Based on the list data, refer to these instructions:

Download a list template file

When defining a list, you can manually enter each list entry or you can save time by using a CSV file. To do this, you download a template file that contains sample data in the correct format, modify the template so that it specifies the data that you want in the list, and upload the file to add this data in bulk.

The template you download depends on the type of data you are defining in a list.

To download a list template file:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the edit icon for an existing list.

  3. Go to the list section for the data that you want to define in the list.

  4. Expand the section of the list.

  5. Below the text box, there is a statement that says “Download and complete this CSV file to upload list items.” Click this CSV file to download the template file to your local system.

Next steps

Configure and upload CSV files for your list entries. Based on the data you are defining, refer to these instructions:

Configure and upload domains or IP addresses with a CSV file

When creating a list, you can upload a CSV file that contains list entries. This process allows you to expedite the list configuration because you can add multiple domains or IP addresses at once.

You can modify CSV template files you downloaded from ​SIA​ or you can create separate CSV files that contain the domain and IP address information you need. When doing so, note that:

  • If you are creating a block list, you need to provide a list of known domains, known IP addresses, suspected IP addresses, and suspected domains in separate CSV files.

  • Each domain or IP address needs to be on a separate cell and row of the CSV file.

  • If you're creating a CSV file with known or suspected domains, you need to provide domains in the format:

    www.subdomain1.subdomain2.domain.com

    where:

    • subdomain1 and subdomain2 are subdomains in the domain name.

    • domain is the second-level domain.

    • .com is the top-level domain or domain extension.

  • If you're modifying a template file, replace the examples in the CSV file with the domain or IP address information you need.

To download a template, see Download a list template file. If you prefer to add domains or IP addresses without using CSV files, see Create a List.

To configure and upload domains or IP addresses with a CSV file:

  1. Configure separate CSV files for known IP addresses, known domains, suspected IP addresses, and suspected domains:

    1. In a new CSV file or a downloaded template file, provide the information that is specific to the list content. For example, for a known IP address CSV file, list the IP addresses. Each entry needs to be on a separate cell and row. If you are modifying a template file, replace the domain or IP address information with the information you need.

    2. Save the file to an accessible location on your computer.

    3. Repeat steps 1a and 1b for every CSV file that you are uploading. Make sure that each IP address or domain entry is on a separate cell and row of the CSV file.

  2. If you are not already on the configuration page for a list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the edit icon for the list that you want to edit.

  3. Upload the CSV files that you configured:

    1. Go to the section that corresponds to the CSV file you want to upload. For example, if you want to upload a CSV file that contains known IP addresses for a block list, go to the IPs section.

    2. Click the upload icon.

    3. In the browser file search window, locate and select the CSV file you need.

    4. Repeat steps 3a to 3d for all the CSV files you want to upload.

Next steps

Deploy your changes to the ​SIA​ network as described in Deploy configuration changes.

Configure and upload top-level domains with a CSV file

When configuring top-level domains in a block list, you can upload CSV files that contain top-level domains. This procedure expedites the list configuration process because it allows you to add multiple top-level domains at once.

You can modify CSV template files that you downloaded from ​SIA​ or you can create separate CSV files that contain the top-level domains you need. When doing so, note that:

  • Each top-level domain needs to be on a separate cell and row of the CSV file.

  • Make sure to omit the dot before the top-level domain.

  • You cannot create a top-level domains list that contains the com, org, and net top-level domains.

  • If you're modifying a template file, replace the examples in the CSV file with the top-level domains you want to add.

To download a template file where you can enter and upload list content, see Download a list template file. If you prefer adding top-level domains without using CSV files, see Create a list.

To configure and upload top-level domains with a CSV file:

  1. In a new CSV file or a downloaded template file, enter top-level domains. Each entry needs to be on a separate cell and row of the CSV file. If you are modifying a template file, replace the top-level domains included in the file with the domains you want to add to the list.

  2. Save the file to an accessible location on your computer.

  3. If you are not already on the configuration page for a list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the edit icon for the list that you want to edit.

  4. Upload the CSV file that you configured:

    1. Go to the Top-Level Domains section and expand it.

    2. In the browser file search window, locate and select the CSV file you need.

Next steps

Deploy your changes to the ​SIA​ network as described in Deploy configuration changes.

Configure and upload file hashes with a CSV file

You can upload CSV files that contain hash values. This procedure expedites the list configuration process because it allows you to add multiple hashes at once.

You can modify CSV template files that you downloaded from ​SIA​ or you can create CSV files that contain the hashes you need. When doing so, note that:

  • Each hash needs to be on a separate cell and row of the CSV file.

  • If you're modifying a template file, replace the examples in the CSV file with the hashes you want to add.

  • Make sure you provide SHA-256 hashes that are formatted with 64 hexadecimal characters.

To download a template file where you can enter and upload list content, see Download a list template file. If you prefer adding file hashes without using CSV files, see Create a list.

To configure and upload file hashes with a CSV file:

  1. In a new CSV file or a downloaded template file, enter file hashes. Each entry needs to be on a separate row and cell of the CSV file. If you are modifying a template file, replace the hashes included in the file with the file hashes that you want to add to the list.

  2. Save the file to an accessible location on your computer.

  3. If you are not already on the configuration page for a list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the edit icon for the list that you want to edit.

  4. Go to the File Hashes section and expand it.

  5. Upload the CSV file that you configured:

    1. Click the upload icon.

    2. In the browser file search window, locate and select the CSV file you need.

Next steps

Deploy your changes to the ​SIA​ network as described in Deploy configuration changes.

Configure and upload URLs with a CSV file

Complete this procedure to configure and upload a CSV file that contains URL entries for a block or exception list.

To configure and upload URLs with a CSV file:

  1. Download a template file for URLs. See Download a list template file.

  2. Modify the template file so that it contains the URLs you want to add to the list. For details on providing URLs, see Specify URLs in lists.

  3. If you are not already on the configuration page for a list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.
    2. Click the edit icon for the list that you want to edit.

  4. Go to the URL section

  5. Click the arrow icon to expand the list section.

  6. Click the upload icon that appears at the top of the page. The URL addresses are added to the list.

Next steps

Deploy your changes to the ​SIA​ network as described in Deploy configuration changes.

Delete a list

You can delete a list that you no longer require. After deleting the list, you need to deploy configuration changes to the ​SIA​ network.

You need to be an ​SIA​ administrator to perform this task. If you are a delegated administrator or strict delegated administrator, you can delete a list that you created or that you are allowed to access.

📘

You cannot delete a list that is assigned to a policy. You need to remove it from the policy before it can be deleted.

To delete a list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Hover over the list that you want to delete.

  3. Click the trash bin icon that appears.

  4. Click Yes to confirm the deletion.

Next steps

Deploy your changes to the ​SIA​ network as described in Deploy configuration changes.

Updated 2 months ago