GDI 4 Posted July 16, 2021 Share Posted July 16, 2021 Hello! I can't seem to find information on how to manually clear the detection list and statistic in ERA. I've seen FAQs stating there is a "Clean Up" now button but I can't seem to find it. I know I can lower the logging down but I'd like to run it on demand. Last night, we had a workstation with a Kali Linux ISO on it and the system reported 1000+ detections that we would like to remove from the statistics. Thanks! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,238 Posted July 16, 2021 Administrators Share Posted July 16, 2021 We recommend using Resolved and Not resolved states for detections that you have already dealt with and were resolved. You can use a filter, e.g. to filter out already resolved detections. Link to comment Share on other sites More sharing options...
GDI 4 Posted July 17, 2021 Author Share Posted July 17, 2021 6 hours ago, Marcos said: We recommend using Resolved and Not resolved states for detections that you have already dealt with and were resolved. You can use a filter, e.g. to filter out already resolved detections. Thanks for the information. I'm aware of filtering but is there a way to manually clear them out of the database? My statistics are all skewed. I have about 10 times more detections (which are false) on one workstation than I do the entire network. Or, can I just change "clean incident logs over than" to 1 day and after they clear out change it back to the previous setting? Link to comment Share on other sites More sharing options...
Recommended Posts