In some cases, you may want to remove previously imported events from the MISP instance. For example, this is needed if Kaspersky Threat Feed App for MISP terminates abnormally.
To remove previously imported events from MISP, you can use the delete_events.py script, which removes events via the MISP API.
The script removes only events with the tags specified in the settings.
After the script successfully finishes, we recommend that you go to the MISP UI and verify that all of the necessary events are removed.
Syntax
The script uses the following syntax:
python delete_events.py [-nv] [-v]
On your computer, the command that runs Python may have a different name (for example, python3 or py).
Parameters
The following parameters are available:
-nv, --no_verificationDisables the SSL certificate verification performed when connecting to the MISP instance via HTTPS.
Use this parameter if you use a self-signed certificate on your MISP instance. Otherwise, you will not be able to delete obsolete events from MISP.
This parameter is intended only for evaluation purposes. Using this parameter in a production environment may create security issues.
-v, --verboseEnables the DEBUG log level for the script. Use this parameter if the script does not work as expected.
If the parameter is not specified, the INFO log level is used, which includes less details than the DEBUG level.