Views:
  1. Go to Threat Intelligence > Custom Intelligence > User-Defined Suspicious Objects.

    The User-Defined Suspicious Objects screen appears.

  2. Click Add.

    The Add Object dialog appears.

  3. Select the object type:

    • IP address: type an IP address or a hyphenated range.

      Note:

      IPv4 and IPv6 addresses and subnet mask bits are supported.

    • URL: type a URL.

      Note:

      HTTP and HTTPS URLs are supported.

    • File SHA-1: type the SHA-1 hash value of a file.

    • File SHA-256: type the SHA-256 hash value of a file.

    • Domain: type a domain name.

      Note:

      One wildcard (*) connected with a "." in the domain prefix is supported.

  4. (Optional) Type a description for this object.
  5. Click Add.

    The object appears in the User-Defined Suspicious Objects list. Registered appliances receive the updated User-Defined Suspicious Objects list during the next synchronization.

    Tip:

    Objects can also be added from product intelligence.

    For details, see Copying C&C Callback Addresses to User-Defined Suspicious Objects.

Parent topic: User-Defined Suspicious Objects