Unable to Delete Threat Intelligence Indicator

Hi,

For testing purposes, I added a TI indicator in Sentinel via the UI. When I deleted it, the indicator disappeared from the UI, but the record still exists in the ThreatIntelIndicators table.

From what I’ve observed, every modification to a TI indicator leaves a record in the table, almost like an audit trail. So now I see two records:

• One for the original creation
• One for the deletion action

The issue is that I’m building a rule based on this table, and it still matches the “created” record even though the indicator was deleted.

I’ve already tried both:

az sentinel threat-indicator delete module and REST API.

But I got server errors.

Is there any way to completely delete a TI record from the ThreatIntelIndicators table ?

Thanks in advance.