I was wondering if anyone knows how to add ip addresses to these lists.
If you have an ip address in a connection event,you can right click it and choose "add to Whitelist" or "Add to Blacklist"
I have an ip address that i know is malicious, but the connection events that it was involved in have already been pruned.
If i go into object management / security intelligence / network lists and feeds, i can see the black and white lists
but i can only delete items from them. I need to be able to add to them.
I also don't want to make a new list, i just want to add to the global ones because they are already defined in my rules
You need to create a new object with the addresses or URLs you wish to block.
Then modify your relevant Access Control Policy (under the Secuity Intelligence tab) to include that object among the blacklisted networks or URLs.
That's what i was hoping to avoid.
I'll make a group after i create the object, and add the group to my policies so i can add more manual entries later.
or simply add your own network list in a text file - upload to network lists, and add the list to your security intelligence blacklist as mentioned above.