Threat Intel | Alien Vault

Hello everybody

I need to know if the objects brought into Elastic through the AlienVault feed are deleted if I unsubscribe from the corresponding pulse. If not, do you know of a method to remove IoCs?

Thanks


Hi, @Jordan_Santander!

As far as I know, AlienVault is free for ingesting IoCs, making it necessary to create access to your account via API in the integration settings. I use it here in my environment at no cost. Regarding the removal of IoC data that has already been stored, you can create an ILM policy to delete it; however, it is interesting to have this history for the correlation of Intel Threat rules.

Hello Wagner

Thanks for your reply. We had to delete the objects due to a pulse that brought thousands of indicators that generated hundreds of unnecessary alerts. In addition to the ILM policy, I used data stream deletion via the API (Delete data stream API | Elasticsearch Guide [8.12] | Elastic).
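
The two removal methods mentioned in this thread, written out in Kibana Dev Tools console syntax as an added example (not posted by either participant). Every name in angle brackets is a placeholder for your own policy and data stream names, and the `7d`/`50gb`/`30d` values are assumed retention settings, not recommendations from the thread.

```console
# 1. ILM policy with a delete phase (assumed values: roll over weekly,
#    delete backing indices 30 days after they roll over).
PUT _ilm/policy/<ti-retention-policy>
{
  "policy": {
    "phases": {
      "hot": {
        "actions": {
          "rollover": { "max_age": "7d", "max_primary_shard_size": "50gb" }
        }
      },
      "delete": {
        "min_age": "30d",
        "actions": { "delete": {} }
      }
    }
  }
}

# 2. Attach the policy to the integration's data stream through its
#    @custom component template. This PUT replaces any settings already
#    stored in that component template, so merge them first if it exists.
PUT _component_template/logs-<dataset>@custom
{
  "template": {
    "settings": { "index.lifecycle.name": "<ti-retention-policy>" }
  }
}

# 3. Roll over so the next backing index is created with the new policy.
#    Backing indices that already exist keep their previous policy.
POST logs-<dataset>-<namespace>/_rollover

# Immediate removal instead of waiting for ILM: deletes the data stream
# and ALL of its backing indices, not only the indicators of one pulse.
DELETE _data_stream/logs-<dataset>-<namespace>
```

`GET _data_stream/logs-*` lists the existing data streams, which confirms the exact name before the `DELETE` is run.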
