Automatically Delete Signals
To delete signals with automatic deletion rules, the user account you use to access Cytomic Orion must have the Delete signals and manage automatic signal deletion rules permission assigned to its role. For more information about roles and permissions, see Understanding Permissions.
Create automatic deletion rules to move signals that meet certain criteria and are not assigned to any investigation to the recycle bin.
Automatic deletion rules do not delete already generated signals.
This topic includes:
Create Automatic Deletion Rules
To create an automatic deletion rule from a signal:
-
From the top menu, select Signals. The Signals list opens.
-
To modify the list view and quickly find signals of your interest, see List Configuration Tools.
-
To change the time interval for the signals in the list:
-
Click the
icon (3). The Signals panel appears.
-
From the drop-down list, select a time interval (Last 24 hours or Last 7 days) for the signals you want to show in the list.
-
To specify a time interval, select Custom. Enter a start date and an end date, and select a time zone.
-
Click Apply. The signal list and counter (4) update automatically.
-
-
Select the check box for the signal you wan to use as the base for the signal deletion rule. Make sure you select only one signal. A toolbar appears under the top menu.
-
In the toolbar, click Add automatic deletion rule
. The Add automatic deletion rule dialog box opens and shows a series of preset criteria based on the selected signal. -
For more information about the fields in the list, see Meaning of List Fields.
-
In the Name text box, type a new name for the rule.
-
In the Description text box, type a description of the rule (optional).
-
To set the deletion criteria, see Configure Criteria for Signal Deletion Rules.
-
Click Do not detect again. The deletion rule is created and begins moving new signals that meet the criteria defined in the rule to the recycle bin.
View Signal Deletion Rules
-
From the top menu, select Settings. From the side menu, select Deletion rules for signals. A list opens that shows all created rules.
-
To modify the list view and quickly find rules of your interest, see List Configuration Tools.
-
For more information about the columns in the list, see Meaning of List Fields.
Meaning of List Fields
| Field | Description |
|---|---|
|
Description |
Description assigned by the analyst. |
|
Creation date |
Date when the rule was created. |
|
Modification date |
Date when the rule was last modified. |
|
Last deletion date |
Date and time when the rule last activated. Use this field to determine how often the rule activates. |
|
Hunting rule |
Name of the hunting rule that generates the signals. |
|
Client ID |
Identifier of the client where the signal was logged. |
|
Signals deleted in the last 30 days |
Number of signals that have been deleted in the last 30 days. Use this field to determine how often the rule activates. |
|
MUID |
Identifier of the computer where the signal was logged. |
|
Name |
Rule name. |
|
Computer name |
Name of the computer where the signal was logged. |
Edit Deletion Rules
-
From the top menu, select Settings.
-
From the side menu, select Deletion rules. A list opens that shows all created rules.
-
Select the deletion rule you want to edit. The Edit deletion rule page opens. See Create Automatic Deletion Rules.
Delete Deletion Rules
-
From the top menu, select Settings.
-
From the side menu, select Deletion rules. A list opens that shows all created rules.
-
To modify the list view and quickly find rules of your interest, see List Configuration Tools.
-
Select the check boxes for the deletion rules you want to delete.
-
In the action bar, click Delete
. A confirmation dialog box opens.
-
Click Yes. Signals deleted by the deletion rules that still remained in the recycle bin are moved to the Signals list.
Export the List of Deletion Rules
-
From the top menu, select Settings.
-
From the side menu, select Deletion rules. A list opens that shows all created rules.
-
Click the
icon to export the list to a CSV file. The CSV file downloads to your computer.