Ignore observables

You can ignore observables on EclecticIQ Intelligence Center to prevent observables with a given type and value from being ingested.

Do this to reduce false positives and noise in your datasets.

Ignore with observable rule

See Create observable rules.

Delete and ignore

Delete and ignore an observable to:

  • remove that observable from EclecticIQ Intelligence Center, and

  • prevent EclecticIQ Intelligence Center from subsequently ingesting or extracting new observables with the same type and value.

Tip

Delete and ignore performs a “soft delete” on an observable. This:

  • Prevents the observable from being displayed on EclecticIQ Intelligence Center,

  • but leaves records in PostgreSQL and Elasticsearch.

You can filter records to look for ones with the field meta.blacklisted. See Navigate | Search for more information.

To do this:

From Browse

  1. From the left sidebar, select Search > Go to search and browse and then select the Observables tab.

  2. Locate the observable you want to remove.

  3. On the right of that observable, select More (three vertical dots) > Delete and ignore.


From entity builder

  1. Select an observable from anywhere to open it.

  2. Select More (three vertical dots) > Delete and ignore.
