About custom lists

Custom lists in CIS allow you to group related data—such as IP addresses, hostnames, or Autonomous System Numbers (ASNs) into named collections that can be reused across multiple rule expressions. These lists simplify management, improve rule clarity, and provide a more scalable way to control access and filtering.

What are custom lists?

A custom list is a reusable set of similar data entries. Instead of hardcoding multiple values into every rule, you can define a custom list once and reference it by name in your custom security rules. This approach is ideal for managing dynamic threat intelligence feeds, trusted traffic sources, or internal network assets.

CIS supports the following types of custom lists:

IP address lists for grouping IPv4 or IPv6 addresses.
Hostname lists for specifying domain names or subdomains.
ASN lists for identifying network ownership by Autonomous System Numbers.

Lists with hostnames and ASNs are available only to Enterprise customers.

Each list type has its own properties and CSV file format as shown in Custom list types.

Managed versus custom lists

In addition to custom lists that you define, CIS also provides managed lists, which are predefined and maintained by IBM. These lists include curated sets of known threat sources or commonly targeted IP ranges, and can be used similar to custom lists. For information on managed lists, see Using managed lists.