Deleting Data

ThreatExchange currently supports deletion for ThreatDescriptor objects and relationships between ThreatIndicator objects.

Beginning 90 days after the launch of Graph API version 10.0, all expired data will be deleted. Data uploaded to ThreatExchange with a non-zero expire_time will be permanently deleted at the expiration time indicated and will no longer be visible. If you wish to indicate data is no longer valid, set the expired_on field to the current time to have your data deleted immediately. See the ThreatExchange Changelog for more details.

Additionally, you can delete a ThreatDescriptor using the API with a DELETE HTTP request:

DELETE https://graph.facebook.com/v2.11/<object_id>

Note that after a subjective ThreatDescriptor is deleted, the objective ThreatIndicator may still exist.

To delete a relationship between ThreatIndicators using the API:

DELETE https://graph.facebook.com/v2.11/<object_id>/related?related_id=<object_id_2>

We do not support deletes for Tags or MalwareAnalysis objects.