Forum Discussion
Azure Sentinel how to clear Threat Intelligence Indicator table
Is there a way to do a bulk delete of all indicators? I have the DShieldScanningIPs source with over 100 thousand IP and I'd like to delete them all but it appears I can only delete 100 of them at a...
GaryBushey No, I want to get rid of all data from Threat Intelligence from a specific source (in this case "DShieldScanningIPs") which is no longer useful for me. I still have other sources data that I want to keep.
Funny enough I have this exact problem, DShield throws so many FP when mapping to signin events etc. I couldn’t find a way to bulk delete sadly, after searching high and low.
I ended up editing the query to basically != DShield and then wait for the retention to kick in and remove.
Will be interested if someone comes with an answer to bill delete though!
I ended up editing the query to basically != DShield and then wait for the retention to kick in and remove.
Will be interested if someone comes with an answer to bill delete though!