How to Exclude an Observable from Similarity Checks

This topic provides step-by-step instructions for excluding an observable from similarity checks in cases and alerts in TheHive.

Required permissions

Only users with the manageObservable permission can manage observables in TheHive.

Bulk updates

You can edit multiple observables at once. Follow the instructions in the Edit Multiple Observables topic.

Similar alerts and cases are detected based on shared observables. You can choose to ignore similarity for contextual observables, such as the company domain name, or for observables that aren't related to any potential threat.

Procedure

1. Locate the observable you want to update.

2. In the observable details, turn on the Ignore similarity toggle.

3. Select Save.

Next steps

• Add an Observable
• Remove an Observable
• Update the Status of an Observable
• Edit Multiple Observables
• Pin an Observable
• Export Data from Observables
• Run Analyzers on an Observable
• Run Responders on an Observable
• Import Observables from Analyzer Reports