Deleting Data

ThreatExchange currently supports deletion for ThreatDescriptor objects and relationships between ThreatIndicator objects.

If you wish to delete a ThreatDescriptor or indicate a ThreatDescriptor data is no longer valid, set the expired_on field using either the API or the UI. Begining with the launch in GraphAPI version 10.0 (launching 2021) all expired data will be deleted

Additionally, you can delete a ThreatDescriptor using the API with a DELETE HTTP request:

DELETE https://graph.facebook.com/v2.11/<object_id>

Note that after a subjective ThreatDescriptor is deleted, the objective ThreatIndicator may still exist.

To delete a relationship between ThreatIndicators using the API:

DELETE https://graph.facebook.com/v2.11/<object_id>/related?related_id=<object_id_2>

We do not support deletes for Tags or MalwareAnalysis objects.