@Pawel Boruc You can delete the Threat Intelligence Indicator connector from here and then re-add it to start from scratch.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi,
I'm struggling with removing all data from ThreatIntelligenceIndicator table. I have little mess inside and would like to import data once again from beginning.
Thanks,
Pawel
@Pawel Boruc You can delete the Threat Intelligence Indicator connector from here and then re-add it to start from scratch.
For me it's walkaround solution. In other SIEM systems we are able to purge all TI data and retrieve them once again.
Maybe this should be on the list to-do?
Is there a way to do a bulk delete of all indicators? I have the DShieldScanningIPs source with over 60k IPs and I'd like to delete them all but it appears I can only delete 100 of them at a time. This will take a while.
JoeG
ok, it is some time but i am still unable to find a suitable solution to remove 50k+ IoCs from Sentinel with one query / command / rest api, is there a way now ? I am using graph api for removing and i receive strange error that the indicator does not exist, even tho KQL does show its ID, it is very frustrating that there is no documentation how to purge the DB