Global List Actions
Use global list actions to add a file to the global quarantine list or the global safe list.
Adding a file to a global list affects all devices in your organization, unless the file is quarantined or waived at the device-level.
QRadar uses
Cylance
’s “Add to Global List” and “Delete from Global List” APIs. For details on functionality and success/error messaging, see the Cylance API User Guide.- In QRadar, selectCylance.
- SelectThreats & global list.
- Enter the SHA256 hash for the file.
- Select an action.ActionDescriptionMove to Safe ListThis action adds the SHA256 hash for a file to the global safe list. This allows the file to run on any device in your organization.Move to Quarantine ListThis action adds the SHA256 hash for a file to the global quarantine list. This will quarantine the file if it is found on any device in your organization.Remove from Safe ListThis action removes the SHA256 hash from the global safe list.Remove from Quarantine ListThis action removes the SHA256 from the global quarantine list.
- ClickApply.If the Write/Delete permissions were granted (see Application privileges), administrators can write to or clear global lists at any time. Before granting this permission, ensure that all administrators in your organization understand the risks involved.