You can create custom lists of special interest, for example, hosts holding
confidential information, or users who have come under suspicion. For example, you
can select custom lists as triggers for playbooks.
To create a custom list, you have two options:
Manually create a new list and add your items.
Download a template with sample data, add your information using the provided format, and then import it. This is especially useful for new customers who want to upload existing data to the platform.
To add
a new custom list, do the following:
Go toSOAR Settings>Environments>Custom
Lists.
ClickaddAdd.
Enter the relevant information into theAdd Custom Listdialog and clickAdd.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eCustom lists can be created in Google SecOps SOAR to define items of special interest, such as sensitive hosts or suspicious users.\u003c/p\u003e\n"],["\u003cp\u003eThese custom lists can be used as triggers for Playbooks within the platform, adding an extra layer of automation.\u003c/p\u003e\n"],["\u003cp\u003eUsers can download a template with sample data to help them format existing data before importing it into the platform.\u003c/p\u003e\n"],["\u003cp\u003eIdentifiers for custom lists can be defined for multiple environments by using a vertical line separator, or all environments by using an asterisk.\u003c/p\u003e\n"],["\u003cp\u003eAdding a new list is done through the Custom Lists section of SOAR Settings, where you must populate the information in the dialog box.\u003c/p\u003e\n"]]],[],null,["Create custom lists \nSupported in: \nGoogle secops [SOAR](/chronicle/docs/secops/google-secops-soar-toc) \nYou can create custom lists of special interest, for example, hosts holding\nconfidential information, or users who have come under suspicion. For example, you\ncan select custom lists as triggers for playbooks.\n\nTo create a custom list, you have two options:\n\n- Manually create a new list and add your items.\n- Download a template with sample data, add your information using the provided format, and then import it. This is especially useful for new customers who want to upload existing data to the platform.\n\n| **Note:** You can define identifiers for multiple environments by separating the environments with a vertical line, for example: `Default Environment|customer_123`. Enter the **\\*** asterix sign for environment define the identifier for all environments.\n\nTo add\na new custom list, do the following:\n\n1. Go to **SOAR Settings \\\u003e Environments \\\u003e Custom\n Lists.**\n2. Click add**Add**.\n3. Enter the relevant information into the **Add Custom List** dialog and click **Add**.\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
