SumoLogic
diff --git a/‎docs/platform-services/threat-intelligence-indicators.md‎
Lines changed: 3 additions & 6 deletions b/‎docs/platform-services/threat-intelligence-indicators.md‎
Lines changed: 3 additions & 6 deletions
diff --git a/‎static/img/platform-services/threat-intelligence-delete-indicators.png‎
-69.7 KB b/‎static/img/platform-services/threat-intelligence-delete-indicators.png‎
-69.7 KB
@@ -68,7 +68,7 @@ To access the **Threat Intelligence** tab, go to **Manage Data > Logs > Threat I
 
 <img src={useBaseUrl('img/platform-services/threat-intelligence-tab.png')} alt="Threat Intelligence tab" style={{border: '1px solid gray'}} width="800" />
 
-1. **Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
+1. **+ Add Indicators**. Click to upload files that [add threat intelligence indicators](#add-indicators-in-the-threat-intelligence-tab).
 1. **Actions**. Select to perform additional actions:
     * **Edit Retention Period**. Enter the length of time in days to retain expired threat intelligence indicator files. The maximum number of days is 180. See [Change the retention period for expired indicators](#change-the-retention-period-for-expired-indicators).
 1. **Source Name**. The source of the threat intelligence indicator file.
@@ -89,7 +89,7 @@ You can also add threat intelligence indicators using the API or a collector. Se
 :::
 
 1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
-1. Click **Add Indicators**. The dialog displays. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-add-indicators.png')} alt="Add threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
+1. Click **+ Add Indicators**. The dialog displays. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-add-indicators.png')} alt="Add threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
 1. Select the format of the file to be uploaded:
     * **Normalized JSON**. A normalized JSON file.
     * **CSV**. A comma-separated value (CSV) file.
@@ -107,10 +107,7 @@ When you add indicators, the event is recorded in the Audit Event Index. See [Au
 
 1. In Sumo Logic, go to **Manage Data > Logs > Threat Intelligence**.
 1. Select a source in the list of sources. Details of the source appear in a sidebar.
-1. Click **Delete Indicators**. The following dialog appears. <br/><img src={useBaseUrl('img/platform-services/threat-intelligence-delete-indicators.png')} alt="Delete threat intelligence indicators" style={{border: '1px solid gray'}} width="500" />
-1. Select indicators to delete from the source:
-   * **Delete all indicators**. Remove all indicators from the source.
-   * **Delete indicators matching the expression**. Enter the attribute and value to match. For example, if you want to delete indicators with certain "valid until" dates from **Sumo normalized JSON** files, for an attribute enter `validUntil` and for a value enter a date. The attributes and values you enter must match attributes and values in the indicators.
+1. Click **Delete Indicators**. The following message appears: **Delete all indicators for `<source-name>`**.
 1. Click **Delete**.
 
 :::note