Bulk Operations - Windows Legacy Cleanup

Still got Windows Legacy collectors kicking around collecting logs ? 

Moving gradually to less systems being collected from that service and moving to WinRM and other windows log collections ? 

How do you remove entries in bulk from the windows legacy collector ?

1. Once you are logged into RSA NW locate the Windows Legacy collector > Config > Event Sources >
2. Select the "all" checkbox to capture all hosts and click Export Source so you have a backup of the configuration before continuing.