Skip to main content
Skip table of contents

Bulk Whitelists

When a user adds a whitelist rule on a case or incident, the following occurs:

  • That case or incident is whitelisted. The whitelisted field is set to true (whitelisted:true) in case and incident. The whitelisted field is set to true (whitelisted:true) in the cases's or incident's MainEvent.
  • Any forthcoming events (scored-events) matching the whitelist rule do not become an IOA or case-event.
  • Existing cases and incidents are reviewed, and any that match the whitelist rule are whitelisted.

Use Case #1

If a case or incident does not have all its IOAs whitelisted (whitelisted:true), then that case or incident will not be whitelisted. In the following case, all the IOAs associated with this incident are whitelisted and hence the incident is whitelisted



Use Case #2

In this case, the incident does not have all its IOAs whitelisted and hence this incident will not be whitelisted. 


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close