Create and manage safelist libraries in Splunk Enterprise Security

Note: This documentation topic on threat intelligence applies only to users using Threat Intelligence Management (Cloud), not native threat intelligence in Splunk Enterprise Security.

Create safelists in Splunk Enterprise Security to exclude particular indicators from your threat lists generated by Threat Intelligence Management (Cloud). Safelists ensure that threat lists remove indicators containing specific terms or phrases.

Follow these steps to add a safelist library:

In Splunk Enterprise Security, select Configure and then Threat intelligence.
Select Safelist libraries.
Select + Add safelist library.
Enter a name for the safelist.
Enter each item one by one, or select Add safelist items in bulk to enter a full list of safelist items.
Select Save.

After you add safelist libraries, you can edit or delete them from the list of libraries by selecting the pencil icon or the trash can icon.

Splunk Enterprise Security 8

Create and manage safelist libraries in Splunk Enterprise Security

See also

ON THIS PAGE

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

Enterprise Security

SOAR

IT Service Intelligence

Content Packs

Splunk Observability Cloud

AppDynamics SaaS

AppDynamics On-Premises

SAP Agent

Developer Documentation

Splunkbase

Splunk Enterprise

Splunk Cloud Platform

Splunkbase

DATA MANAGEMENT

SEARCH AND ANALYTICS

ADMINISTRATION

Enterprise Security

SOAR

ENTERPRISE SECURITY

SOAR

RELATED APPS

IT Service Intelligence

Content Packs

ITSI

IT Ops

ADMINISTRATION

EXTENSIONS

Splunk Observability Cloud

MONITORING

DATA MANAGEMENT

ADMINISTRATION

AppDynamics SaaS

AppDynamics On-Premises

SAP Agent

ESSENTIALS

MONITORING

ADMINISTRATION

Developer Documentation

Splunkbase

PLATFORM

OBSERVABILITY

REFERENCE

Resources

REFERENCE

Learn More

Support

Create and manage safelist libraries in Splunk Enterprise Security

See also