Ignore observables#
You can ignore observables on EclecticIQ Intelligence Center to prevent observables with a given type and value from being ingested.
Do this to reduce false-positives and noise in your datasets.
Ignore with observable rule#
Delete and ignore#
Delete and ignore an observable to:
remove that observable from EclecticIQ Intelligence Center, and
prevent EclecticIQ Intelligence Center from subsequently ingesting or extracting new observables with the same type and value.
Tip
Delete and ignore performs a “soft delete” on an observable. This:
Prevents from being displayed on IC,
but leaves records in PostgreSQL and Elasticsearch.
You can filter records to look for ones with the field meta.blacklisted
.
See About search for more information.
To do this:
From Browse
From the left navigation, select Search > Go to search and browse and then select the Observables tab.
Locate the observable you want to remove.
On the right of that observable, select More > Delete and ignore.
From entity builder