When importing a threat feed with a considerable amount of data in it, someone on the team forgot to set the expiry date. No expiry date = no expiry…

For reasons I don’t understand, there’s no way to do mass deletion in the Azure Portal. So I had to resort to modifying my incident-closure-script in order to fix this blooper.

With only minor modifications I was able to achieve exactly what I wanted - awesome!

I’m sharing the code here in case someone else make the same blooper, and need a helping hand.

The code

⚠️ Blindly running code from the internet can be dangerous ⚠️
Please read through and understand what this code does before trying to use it.

You also need to set the appropriate filter first, and set a correct maxRunCount-number (did I mention I was lazy? I didn’t know how to nor want to spend time on figuring out how to detect when it was done).

/* USE AT YOUR OWN RISK - I TAKE NO RESPONSIBILITY FOR ANYTHING THAT HAPPENS WHEN YOU RUN THIS */

let hackRuntimeCounter = 0;
const maxRunCount = 100;

const doRemoveIntelHack = () => {
    console.log(`Doing run ${hackRuntimeCounter} of ${maxRunCount}`);

    // Get checkbox
    const checkbox = [...document.querySelectorAll('.azc-checkBox')].filter((x) => x.attributes.getNamedItem('aria-label').value === 'Select all items').at(0)
        .children[0];

    checkbox.dispatchEvent(new MouseEvent('click', { bubbles: true, cancelable: true }));

    // We have to wait for the delete button to be ready
    setTimeout(() => {
        let actionsButton = [...document.querySelectorAll('.fxs-commandBar-item-text')].filter((x) => x.innerText == 'Delete').at(0);

        // Wait a bit and retry if the button is still disabled
        if (actionsButton.parentElement.classList.contains('azc-text-disabled')) {
            setTimeout(() => {
                doRemoveIntelHack();
            }, 6000);
            return;
        }

        actionsButton.dispatchEvent(new MouseEvent('click', { bubbles: true, cancelable: true }));

        // We have to wait for the popup to load
        setTimeout(() => {
            let elementContainer = [...document.getElementsByClassName('fxs-messagebox-buttons')].at(0);

            if (elementContainer === undefined) {
                setTimeout(() => {
                    doCloseIncidentsHack();
                }, 6000);
                return;
            }

            // Find button
            let yesButton = [...document.querySelectorAll('.fxs-portal-button-primary')].filter((x) => x.innerText == 'Yes').at(0);

            // Let's do this!
            yesButton.dispatchEvent(new MouseEvent('click', { bubbles: true, cancelable: true }));

            // Continue as long as we haven't reached our configured number of executions
            if (hackRuntimeCounter <= maxRunCount) {
                setTimeout(() => {
                    doRemoveIntelHack();
                }, 6000);
            }

            hackRuntimeCounter++;
        }, 1800);
    }, 800);
};

doRemoveIntelHack();