Deleting Data

ThreatExchange currently supports deletion for ThreatDescriptor objects and relationships between ThreatIndicator objects.

If you wish to delete a ThreatDescriptor or indicate a ThreatDescriptor data is no longer valid, set the expired_on field using either the API or the UI. Begining with the launch in GraphAPI version 10.0 (launching 2021) all expired data will be deleted

Additionally, you can delete a ThreatDescriptor using the API with a DELETE HTTP request:


Note that after a subjective ThreatDescriptor is deleted, the objective ThreatIndicator may still exist.

To delete a relationship between ThreatIndicators using the API:


We do not support deletes for Tags or MalwareAnalysis objects.