Exclude an Observable from Similarity Checks

manageObservable

Exclude an observable from similarity checks in TheHive to prevent it from being used to identify similar alerts and cases. This is useful for contextual observables, such as the company domain name, or for observables that aren't related to any potential threat.

Bulk updates

You can edit multiple observables at once. Follow the instructions in the Edit Multiple Observables topic.

Procedure

1. Locate the observable you want to update.

2. In the observable details, turn on the Ignore similarity toggle.

3. Select Save.

Next steps

• Add an Observable
• Delete an Observable
• Update the Status of an Observable
• Edit Multiple Observables
• Pin an Observable
• Export Data from Observables
• Run Analyzers and Review Reports for an Observable
• Run Responders and Review Reports for an Observable
• Import Observables from Analyzer Reports