• Delete alerts from the Alert Triage page in bulk that are older than 30 days

• EDR Server On-Prem: All Supported Versions

curl http://127.0.0.1:8080/solr/cbalerts/update?commit=true -H "Content-Type: text/xml" -d "<delete><query>created_time:[* TO NOW-30DAYS]</query></delete>"

• To delete alerts using a different time frame, modify * TO NOW-30DAYS to a different DAYS value e.g. * TO NOW-60DAYS which will delete all alerts older than 60 days
• When deleting alerts in bulk based on time in a clustered environment, the above curl command only needs to be executed on the master server