Build your own watchlists by combining individual threat reports from multiple sources. Proactively combine reports and track the IOCs that matter most to you.


  1. Click > Enforce > Watchlists on the left navigation pane.
  2. Click Add watchlists and select the Build tab.
  3. Select the reports you want to add to the watchlist and click Add.
    To narrow down the listed reports:
    • Use the search text field to search by report's attributes, such as description, source, and name. You can also use the AND, OR, and NOT operators.
    • Use the Filters left panel to filter your reports by Source, Severity, and Tags.
  4. From the Add Reports pop-up screen, add your selected reports to a watchlist.
    • To add the reports to an existing watchlist, click the Watchlist drop-down menu and select from the available ones.
    • To add the reports to a new watchlist, click Add new and populate the name and description fields, and check any of the alert options.
  5. Click Add.


The newly created watchlist appears in the Watchlists page with a Custom Watchlist tag. If you missed checking the Evaluate on all existing data option, you can select the newly created custom watchlist and click Historical data from the Take Action drop-down menu.

What to do next

Once you create your watchlist, integrate your own threat intelligence by adding custom queries from the Investigate page.