Merge pull request #2084 from SEKOIA-IO/detail_revoke_ioc

add details on how to revoke
SEKOIA-IO · Nov 12, 2024 · bba36b3 · bba36b3
2 parents c6d7315 + 0cd2cd8
commit bba36b3
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/_shared_content/ioccollections.md b/_shared_content/ioccollections.md
@@ -87,5 +87,16 @@ When inside a collection, buttons are available at the end of each line to updat
 
 If you realize that an indicator is bad and produces false positive detections, you can use the revoke button to remove it from detection.
 
+#### How to Request the Revocation of an IoC
+
+- Go to the **Intelligence** section in the left menu.
+- Search for and select the object you believe is a false positive.
+- Before reporting a false positive, make sure to carefully review the details associated with the object, including:
+    - The **pattern**
+    - The **source**
+    - The **threat context**
+    - Linked **observables**
+- Click the **Request revocation** button available at the top right.
+
 !!! warning
     Revoking an indicator cannot be undone.