post
/public_api/v1/xql/lookups/remove_data
Remove data from a dataset based on the specified parameters. If any one of the filter sets are not found, the API does not delete any data.
You can send a maximum of 10 lookup API calls per second.
Note: All lookup entries matching any of the filter blocks are deleted. To match a filter block, a lookup entry must match all the specified fields as if there were an AND
operator between them.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
Body parameters
requestObjectrequired
dataset_nameString
The name of the dataset to delete.
filtersObject
Key-value pairs of fields to query in datasets. A lookup entry must match all the specified fields as if there were an AND
operator between them.
You can use one or more fields, up to the number of fields in the schema.
REQUEST BODY
{
"request": {
"dataset_name": "users",
"filters": [
{
"uid": "123",
"username": "john"
},
{
"uid": "124",
"zipcode": 58672
}
]
}
}
CURL
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/xql/lookups/remove_data'
-d
''
Responses