Configure the company safelist to ignore certain indicators
The company safelist is the list of Indicators that will never be processed for your organization's users. Whitelisting applies to the Graph view of Reports and the Graph view of Indicators and to correlation counts. This feature does not support the use of wildcards or CIDR blocks.
Modifications to the company safelist are applied retroactively and affect all users in your organization.
View the company safelist
Perform the following steps to view the company safelist:
- Click the User Settings icon on the navigation bar.
- Select Settings from the popup menu.
- Click Safelist from the list of options.
Edit the company safelist
When viewing the company safelist, you can add terms to any section.
- Click the plus-sign button directly below the Company Safelist heading.
- In the Add Entity popup, type the Indicator information you want to safelist.
- Click Save to add the term to the company safelist.
Bulk uploading to the safelist
You can use copy and paste to add a group of terms to the whitelist.
- Click the Bulk Upload button directly below the Company Whitelist heading.
- In the Bulk Upload popup, paste the terms you want to add to the whitelist. Each terms must be on a separate line.
- Click Save to add the terms to the company whitelist.
Delete terms from the company safelist
While viewing the company whitelist, you can delete any single term by clicking on the trashcan icon on the right side of the entry.
Remove all safelisted terms
To remove the entire whitelist, click the Clear All button.
Clear All will remove all terms from the company whitelist. There is no undo for this command.
Add, edit, and remove users from Splunk Intelligence Management
Use the redaction library to remove information from reports
This documentation applies to the following versions of Splunk® Intelligence Management (Legacy): current