icon-itdr.svg
ITDR

Deleting Events

On the Event Logs page, you can see all the events associated with a particular entity, such as attackers or endpoints. You can delete events from the Event Logs page to remove them permanently.

To delete events:

  1. On the extended details page of an entity from the dashboard, click Event Logs.

    The Event Logs page appears.

  2. On the Event Logs page:
      1. Select the events that you want to delete.

        The option to delete specific events works well when the number of events is less than 100. If you want to delete all events, use the Delete All option, especially if the number of events is greater than 100.

      2. Select Delete from the Actions drop-down menu.

      3. Confirm your action.

        The selected events are removed permanently from the entity.

      Close
      1. Select Delete All from the Actions drop-down menu.

      2. Confirm your action.

        All events are removed from the entity permanently.

        • The removal of all events from an entity takes more time than deleting specific events. It can take a few minutes for the UI to reflect the complete removal of events.
        • The Delete All option removes a maximum of 100K events at a time. If you have more than 100K events associated with an entity, make sure you repeat these steps.
      Close
Related Articles
About Event LogsAdding or Removing Fields On the Event Logs PageDeleting EventsMarking Events as SafeTesting a Rule with EventsExporting Event Logs