Skip Navigation

Global List Actions

Use global list actions to add a file to the global quarantine list or the global safe list.
Adding a file to a global list affects all devices in your organization, unless the file is quarantined or waived at the device-level.
QRadar uses
Cylance
’s “Add to Global List” and “Delete from Global List” APIs. For details on functionality and success/error messaging, see the Cylance API User Guide.
  1. In QRadar, select
    Cylance
    .
  2. Select
    Threats & global list
    .
  3. Enter the SHA256 hash for the file.
  4. Select an action.
    Action
    Description
    Move to Safe List
    This action adds the SHA256 hash for a file to the global safe list. This allows the file to run on any device in your organization.
    Move to Quarantine List
    This action adds the SHA256 hash for a file to the global quarantine list. This will quarantine the file if it is found on any device in your organization.
    Remove from Safe List
    This action removes the SHA256 hash from the global safe list.
    Remove from Quarantine List
    This action removes the SHA256 from the global quarantine list.
  5. Click
    Apply
    .
    If the Write/Delete permissions were granted (see Application privileges), administrators can write to or clear global lists at any time. Before granting this permission, ensure that all administrators in your organization understand the risks involved.