
Currently working on playbooks for cases regarding phishing, and when I create entities from the EML file it's common to have entities of domains and URLs like outlook.com, microsoft.com, in every case.

So I don't want to have those types of entities, so as not to overpopulate the case with unnecessary information.

I have tried to use the Blocklist in SOAR settings with the action “Do not create entity”, but for now it's not working. Is there another option?

The entities are created using the “EmailUtilities - Parse Case Wall Email” action.


Thank You

Block list would be the easiest solution for this.

A common example of why the block list might not be working is a difference between the Entity Identifier entered in the blocklist and the actual value extracted from the email. This is case-sensitive and requires an exact match (you can also use wildcards *). Double-check for typos, extra spaces, or case differences. Also make sure it’s configured for the environment the entities are created in.

If you’re still having issues, please open a support case.
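The matching rules described in the answer above (case-sensitive, exact match, `*` wildcard), as an added example that is not part of the original thread and is not the SOAR platform's own code: a local check that compares extracted identifiers with blocklist entries and reports which near-miss (stray whitespace or case) keeps an entry from matching. The function names and sample values are constructed for illustration, and treating `*` as "any run of characters" is an assumption.

```python
import re

def matches(entry: str, value: str) -> bool:
    """Case-sensitive whole-string match; '*' is the only wildcard (assumed semantics)."""
    pattern = ".*".join(re.escape(part) for part in entry.split("*"))
    return re.fullmatch(pattern, value) is not None

def diagnose(blocklist, value):
    """Return (status, entry): why `value` does or does not hit the blocklist."""
    # 1. Exact, case-sensitive match: the only case that would block the entity.
    for entry in blocklist:
        if matches(entry, value):
            return ("match", entry)
    # 2. Near-miss: identical once leading/trailing spaces are removed.
    for entry in blocklist:
        if matches(entry.strip(), value.strip()):
            return ("whitespace", entry)
    # 3. Near-miss: identical once case is ignored as well.
    for entry in blocklist:
        if matches(entry.strip().lower(), value.strip().lower()):
            return ("case", entry)
    return ("no-match", None)

# Constructed sample data: blocklist entries as typed into the settings page
# (note the trailing space on the third one) and identifiers as extracted.
BLOCKLIST = ["outlook.com", "*.microsoft.com", "live.com "]
EXTRACTED = ["outlook.com", "login.microsoft.com", "OUTLOOK.COM",
             "live.com", "example.test"]

if __name__ == "__main__":
    for value in EXTRACTED:
        status, entry = diagnose(BLOCKLIST, value)
        print(f"{value!r:25} {status:11} {entry!r}")
```

Export the identifiers from an affected case and the blocklist entries for the same environment, then fix any entry reported as `whitespace` or `case`.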