Manage a list

Complete these tasks to manage or modify a list.

📘

You need to be an ETP administrator to perform many of the tasks in this topic.

Specify URLs in lists

When specifying URLs in lists, note these conditions:

  • Omit the protocol (for example, HTTP://) and port number.

  • Entering a domain name covers all sub-domains.

  • Wildcards are not supported, but are assumed at both ends of the URL. For example, example.com is equivalent to entering .example.com/.

  • Query parameters are supported, but require exact matching. Use query parameters only if you want to specify a single specific URL (see Example URLs).

  • Control Center normalizes URLs like this:

    • Only the host, path, and query elements are retained. Remaining elements are discarded.

    • All characters are converted to lowercase.

    • IPv4/IPv6 host canonicalization.

    • Path canonicalization.

  • You may specify a maximum of 20 sub-domains.

  • The same URL can be specified in a maximum of 8 different lists.

Example URLs:

Entry

Description

example.com

Includes the example domain and all subdomains, including:

  • example.com/a
  • example.com/a/b/c
  • example.com/a?x=123

marketing.example.com

Specifies the marketing subdomain in example.com.

example.com/path/

Includes all URLs under /path.

.a.com/a?y=1

When including query parameters, only exact matches are supported.

This entry does not match these parameters:

  • www.a.com/a?y=1;x=2
  • www.a.com/b?y=1

Download a CSV file with custom list or custom exception list items

When viewing or modifying a custom list or a custom exception list, you can download a CSV that contains the domains and IP addresses in the list. The CSV file organizes list information into these data columns:

  • Type. The type of data. For example, domains or IP addresses.
  • Value. The domain or IP address.
  • Confidence. The confidence level for the domain or IP address. For example, if it’s a known or suspected threat.

To download a CSV with custom list or custom exception list items:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Click the name of the custom list or the custom exception list.

  3. Click the download icon that appears at the top of the page. A CSV file is downloaded to your device.

Use text files to add list entries

When you display a list in the UI, the list page contains links for downloading a template file and for uploading a text file that contains addresses that you want to add to the list.

For example, in this image of a custom list, the download link is in the lower left and the upload link is in the upper right.

To use text files to add list entries:

  1. Download the template file for a specific list type. For instructions, see Download a list template file.

  2. Modify the template so that it specifies the addresses or data you want to add to the list.

  3. Upload the file so that addresses or data are added to the list in bulk. Based on the list type, refer to these instructions:

Download a list template file

When defining a list, you can manually enter each list entry or you can save time by using a text file. To do this, you download a template file that contains sample addresses in the correct format, modify the template so that it specifies multiple addresses that you want in the list, and upload the file so that the addresses are added to the list in bulk.

The template you download depends on the type of list you want to create.

To download a list template file:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Select an existing list or click the ellipsis IMAGE_STUBIMAGE_STUB in the upper right and select the list type.

  3. Below the text area, click the link that is available for the template file. This downloads the template file to your local system.

Next steps

Configure and upload list text files. Based on the list type, refer to these instructions:

Configure and upload a custom list text file

When configuring a custom list, you can upload text files that contain known or suspected domains and IP addresses. This procedure allows you to expedite the custom list configuration process because it allows you to add multiple domains or IP addresses at once.

You can modify template text files you downloaded from ETP or you can create separate text files that contain the domain and IP address information you need. When doing so, note that:

  • You need to provide a list of known IP addresses, known domains, suspected IP addresses, and suspected domains in separate text files.

  • Each domain or IP address needs to be on a separate line in the text file.

  • If you're creating a text file with known or suspected domains, you need to provide domains in the format:

    www.subdomain1.subdomain2.domain.com

    where:

    • subdomain1 and subdomain2 are subdomains in the domain name.

    • domain is the second-level domain.

    • .com is the top-level domain or domain extension.

  • If you're modifying a template file, replace the examples in the text file with the domain or IP address information you need.

To download a text file template for a known or suspected domain or IP addresses, see Download a list template file. If you prefer to add custom list domains or IP addresses without using text files, see Add a custom list.

To configure and upload a custom list text file:

  1. Configure separate text files for known IP addresses, known domains, suspected IP addresses, and suspected domains:

    1. In a new text file or a downloaded template text file, provide the information that is specific to the list content. For example, for a known IP address text file, list the IP addresses. Each entry needs to be on a separate line. If you are modifying a template file, replace the domain or IP address information with the information you need.

    2. Save the file to an accessible location on your computer.

    3. Repeat steps 1a and 1b for every text file that you are uploading. Make sure that each IP address or domain entry is on a separate line in the text file.

  2. If you are not already on the configuration page for a custom list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the name of the custom list that you want to edit or click the edit icon that appears when you hover over the list.

  3. Upload the text files that you configured:

    1. Go to the tab that corresponds to the text file you want to upload. For example, if you want to upload text files that contain known IP addresses, go to the Known IPs tab.

    2. Click upload icon.

    3. In the browser file search window, locate and select the text file you need.

    4. Repeat steps 3a to 3c for all the text files you want to upload.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.

Configure and upload a top-level domains list text file

When configuring a top-level domains list, you can upload text files that contain top-level domains. This procedure expedites the list configuration process because it allows you to add multiple top-level domains at once.

You can modify template text files that you downloaded from ETP or you can create separate text files that contain the top-level domains you need. When doing so, note that:

  • Each top-level domain needs to be on a separate line in the text file.

  • Make sure to omit the dot before the top-level domain.

  • You cannot create a top-level domains list that contains the com, org, and net top-level domains.

  • If you're modifying a template file, replace the examples in the text file with the top-level domains you want to add.

To download a template file where you can enter and upload list content, see Download a list template file. If you prefer adding top-level domains without using text files, see Add a top-level domain list.

To configure and upload a top-level domains list text file:

  1. In a new text file or a downloaded template text file, enter top-level domains. Each entry needs to be on a separate line. If you are modifying a template file, replace the top-level domains included in the file with the domains you want to add to the list.

  2. Save the file to an accessible location on your computer.

  3. If you are not already on the configuration page for a top-level domains list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the name of the top-level domains list that you want to edit or click the edit icon that appears when you hover over the list.

  4. Upload the text file that you configured:

    1. Click the upload icon.

    2. In the browser file search window, locate and select the text file you need.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.

Configure and upload a custom exception list text file

When configuring an exception list, you can upload text files that contain domains or IP addresses. This procedure allows you to expedite the list configuration process because it allows you to add multiple domains or IP addresses at once.

You can modify template text files that you downloaded from ETP or you can create separate text files that contain the domain and IP address information you need. When doing so, note that:

  • You need to provide a list of domains and IP addresses in separate text files.

  • Each domain or IP address needs to be on a separate line in the text file.

  • If you are creating a text file with domains, you need to provide domains in the format:

    www.subdomain1.subdomain2.domain.com

    where:

    • subdomain1 and subdomain2 are subdomains in the domain name.

    • domain is the second-level domain.

    • .com is the top-level domain or domain extension.

  • If you're modifying a template file, replace the examples in the text file with the domain or IP address information you need.

To download a text file template for known or suspected domains or IP addresses, see Download a list template file. If you prefer to add exception list domains or IP addresses without using text files, see Add a custom exception list.

To configure and upload a custom exception list text file:

  1. Configure separate text files for exception list domains and IP addresses:

    1. In a new text file or a downloaded template text file, provide the information that is specific to the list content. For example, for an IP address text file, list the IP addresses. Each entry needs to be on a separate line. If you are modifying a template file, replace the domain or IP address information with the information you need.

    2. Save the file to an accessible location on your computer.

    3. Repeat steps 1a and 1b for every text file that you are uploading. Make sure that each IP address or domain entry is on a separate line in the text file.

  2. If you are not already on the configuration page for an exception list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the name of the exception list that you want to edit or click the edit icon that appears when you hover over the list.

  3. Upload the text files that you configured:

    1. Go to the tab that corresponds to the text file you want to upload. For example, if you want to upload text files that contain IP addresses, go to the Exception List IPs tab.

    2. Click upload icon.

    3. In the browser file search window, locate and select the text file you need.

    4. Repeat steps 3a to 3c for all the text files you want to upload.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.

Configure and upload a file hash list text file

When configuring a file hash exception list, you can upload text files that contain hash values. This procedure expedites the list configuration process because it allows you to add multiple hashes at once.

You can modify template text files that you downloaded from ETP or you can create text files that contain the hashes you need. When doing so, note that:

  • Each hash needs to be on a separate line in the text file.

  • If you're modifying a template file, replace the examples in the text file with the hashes you want to add.

  • Make sure you provide SHA-256 hashes that are formatted with 64 hexadecimal characters.

To download a template file where you can enter and upload list content, see Download a list template file. If you prefer adding file hashes without using text files, see Add a file hash exception list or Add a file hash block list.

To configure and upload a file hash list text file:

  1. In a new text file or a downloaded template text file, enter file hashes. Each entry needs to be on a separate line. If you are modifying a template file, replace the hashes included in the file with the file hashes that you want to add to the list.

  2. Save the file to an accessible location on your computer.

  3. If you are not already on the configuration page for a file hash list:

    1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

    2. Click the name of the file hash list that you want to edit or click the edit icon that appears when you hover over the list.

  4. Upload the text file that you configured:

    1. Click the upload icon.

    2. In the browser file search window, locate and select the text file you need.

  5. Click Save.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.

Configure and upload a URL block list or URL exception list text file

To configure and upload a text file for adding entries to a URL block list or URL exception list:

  1. Download a URL block list or URL exception list template file as described in Download a list template file.

  2. Modify the template file so that it contains the URLs you want to add to the list. For details on providing URLs, see Specify URLs in lists.

  3. From the URL block list or URL exception list page, click the upload icon that appears at the top of the page. The URL addresses are added to the list.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.

Delete a list

You can delete a list that you no longer require. After deleting the list, you need to deploy configuration changes to the ETP network.

You need to be an ETP administrator to perform this task. If you are a delegated administrator or strict delegated administrator, you can delete a list that you created or that you are allowed to access.

📘

You cannot delete a list that is assigned to a policy. You need to remove it from the policy before it can be deleted.

To delete a list:

  1. In the Threat Protection menu of Enterprise Center, select Policies > Lists.

  2. Hover over the list that you want to delete.

  3. Click the trash bin icon that appears.

  4. Click Yes to confirm the deletion.

Next steps

Deploy your changes to the ETP network as described in Deploy configuration changes.


Did this page help you?