Delete Indicator

Permanently delete an indicator (IOC). Delete indicators with caution. A deleted indicator cannot be recovered.

After an indicator is deleted, the Falcon console no longer displays future detections in Activity for that IOC and the Falcon Streaming API no longer includes DetectionSummaryEvent or CustomerIOCEvent for that IOC.

External Documentation

To learn more, visit the CrowdStrike documentation.

Parameters

Parameter	Description
IOC ID	The IOC ID to delete.

Example Output

{
    "errors": [
        {
            "code": 0,
            "id": "string",
            "message": "string"
        }
    ],
    "meta": {
        "pagination": {
            "after": "string",
            "limit": 0,
            "offset": 0,
            "total": 0
        },
        "powered_by": "string",
        "query_time": 0,
        "trace_id": "string"
    },
    "resources": [
        "string"
    ]
}

Workflow Library Example

Delete Indicator with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

Delete Indicator

Parameters​

Example Output​

Workflow Library Example​

Parameters

Example Output

Workflow Library Example