Skip to content

Commit 4a0b5b5

Browse files
authored
Update instructions to delete indicators (#4828)
1 parent ccd7794 commit 4a0b5b5

File tree

2 files changed

+3
-6
lines changed

2 files changed

+3
-6
lines changed

docs/platform-services/threat-intelligence-indicators.md

Lines changed: 3 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ To access the **Threat Intelligence** tab, go to **Manage Data > Logs > Threat I
6868

6969
<img src={useBaseUrl('img/platform-services/threat-intelligence-tab.png')} alt="Threat Intelligence tab" style={{border: '1px solid gray'}} width="800" />
7070

71-
1. **Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
71+
1. **+ Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
7272
1. **Actions**. Select to perform additional actions:
7373
* **Edit Retention Period**. Enter the length of time in days to retain expired threat intelligence indicator files. The maximum number of days is 180. See [Change the retention period for expired indicators](#change-the-retention-period-for-expired-indicators).
7474
1. **Source Name**. The source of the threat intelligence indicator file.
@@ -89,7 +89,7 @@ You can also add threat intelligence indicators using the API or a collector. Se
8989
:::
9090

9191
1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
92-
1. Click **Add Indicators**. The dialog displays. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-add-indicators.png')} alt="Add threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
92+
1. Click **+ Add Indicators**. The dialog displays. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-add-indicators.png')} alt="Add threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
9393
1. Select the format of the file to be uploaded:
9494
* **Normalized JSON**. A normalized JSON file.
9595
* **CSV**. A comma-separated value (CSV) file.
@@ -107,10 +107,7 @@ When you add indicators, the event is recorded in the Audit Event Index. See [Au
107107

108108
1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
109109
1. Select a source in the list of sources. Details of the source appear in a sidebar.
110-
1. Click **Delete Indicators**. The following dialog appears. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-delete-indicators.png')} alt="Delete threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
111-
1. Select indicators to delete from the source:
112-
* **Delete all indicators**. Remove all indicators from the source.
113-
* **Delete indicators matching the expression**. Enter the attribute and value to match. For example, if you want to delete indicators with certain "valid until" dates from **Sumo normalized JSON** files, for an attribute enter `validUntil` and for a value enter a date. The attributes and values you enter must match attributes and values in the indicators.
110+
1. Click **Delete Indicators**. The following message appears: **Delete all indicators for `<source-name>`**.
114111
1. Click **Delete**.
115112

116113
:::note
Binary file not shown.

0 commit comments

Comments
 (0)