Delete Indicator - Blink Documentation

Permanently delete an indicator (IOC). Delete indicators with caution. A deleted indicator cannot be recovered. After an indicator is deleted, the Falcon console no longer displays future detections in Activity for that IOC and the Falcon Streaming API no longer includes DetectionSummaryEvent or CustomerIOCEvent for that IOC. The following permission is required to run this action:

IOC Management: Read and Write.

External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

Parameter	Description
IOC ID	The IOC ID to delete.

Example Output

{
	"errors": [
		{
			"code": 0,
			"id": "string",
			"message": "string"
		}
	],
	"meta": {
		"pagination": {
			"after": "string",
			"limit": 0,
			"offset": 0,
			"total": 0
		},
		"powered_by": "string",
		"query_time": 0,
		"trace_id": "string"
	},
	"resources": [
		"string"
	]
}

Workflow Library Example

Delete Indicator with Crowdstrike and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Parameters

​Example Output

​Workflow Library Example

Parameters

Example Output

Workflow Library Example