Delete matching observables

If the Action that an observable rule applies is Ignore, the Intelligence Center does not execute any actions on the matching observables.
Observables matching the rule criteria can be disregarded, and they can be deleted.

To delete all observables matching an ignore action rule:

  1. In the left navigation bar, go to Data configuration > Rules > Observable.

  2. In the Observable view, click anywhere in the row corresponding to the rule whose matches you want to delete.

  3. In the observable rule detail pane, click the menu icon, and from the drop-down menu select Delete all matching observables.

  4. The observables matching the rule are deleted from the Intelligence Center database, as well as from the Intelligence Center history.

Alternatively:

  1. In the left navigation bar, go to Data configuration > Rules > Observable.

  2. In the Observable view, click the menu icon in the row corresponding to the rule whose matching observables you want to delete, and from the drop-down menu select Delete all matching observables.

  3. The observables matching the rule are deleted from the Intelligence Center database, as well as from the Intelligence Center history.

It is advisable to review the specified observables before deleting them.

Delete observables without link name

Setting link names to define relationships adds intelligence value by describing how entities and observables are related.
This information provides additional context, and it helps you understand how a specific resource is used, or the purpose it serves for a potential attacker.
For example, it can clarify that an observable describes a vulnerability or a weakness related to its parent entity.

Therefore, observables with a Link name value are in general more relevant and more valuable than observables without a Link name value.

The following example describes how to create an observable rule to return bundled observables without a link name.
After reviewing the matches, you can delete them in bulk.