You may have instances in which you want to add multiple entries to a Symantec Advanced Threat Protection (ATP) Whitelist or Blacklist. For example, you might want to export your Whitelist or Blacklist from one ATP instance and import it into another. Or, you might want to periodically export your Whitelist and Blacklist and save them as backups.
ATP has several methods that you can use to import or export of policies in bulk:
ATP handles duplicates gracefully (i.e., ATP identifies when an entry is a duplicate and makes no changes to the original entry).
After ATP finishes importing policies, it provides a success message or failure message. If the process of importing policies takes more than 60 seconds, the process times-out and a message appears. You can check the Logging > System Activity page for more information.
When you import policies or export policies in ATP Manager, you can check the Logging > System Activity page for the status. The status also provides the number of duplicate entries, if any are found.
To import Whitelist policies or Blacklist policies in ATP Manager
In ATP Manager on the Policies page, click the plus icon and select Import Policy.
In the Import Policy dialog box, click Browse. Locate and select the file that you want to import.
The file must be in .json format.
A message appears indicating whether the list was successfully imported.
In the Import Policy dialog box, click Ok.
The newly imported entries should appear in the policy list.
To export Whitelist or Blacklist policies in ATP Manager
In ATP Manager on the Policies page, click the plus icon and select Export Policy.
In the Export Policy dialog box, type the name that you want to give to the export report.
A message appears indicating whether the list was successfully exported.
In the Export Policy dialog box, click Ok.
View your report on the Reports > Exports Report page.
This file explains what arguments you should type to import entries or export entries into your ATP Whitelist or Blacklist. It also provides the argument for how to delete all of your Whitelist entries and Blacklist entries. The file provides several command-line examples to demonstrate how to type the command.
This file is the Python script that you run to perform the tasks that you want to perform.
How to download the required files and run the Python script
Contact Symantec Support to obtain the required files: