diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/delete_all_api_keys.sh b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/delete_all_api_keys.sh
new file mode 100755
index 00000000000000..efcee69a0152c6
--- /dev/null
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/delete_all_api_keys.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+#
+# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+# or more contributor license agreements. Licensed under the Elastic License;
+# you may not use this file except in compliance with the Elastic License.
+#
+
+set -e
+./check_env_variables.sh
+
+# Example: ./delete_all_api_keys.sh
+# https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-invalidate-api-key.html
+curl -s -k \
+  -H "Content-Type: application/json" \
+  -u ${ELASTICSEARCH_USERNAME}:${ELASTICSEARCH_PASSWORD} \
+  -X DELETE ${ELASTICSEARCH_URL}/_security/api_key \
+  --data "{
+    \"username\": \"${ELASTICSEARCH_USERNAME}\"
+  }" \
+  | jq .
diff --git a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/hard_reset.sh b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/hard_reset.sh
index ee8fa18e1234d3..2864cee16a238d 100755
--- a/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/hard_reset.sh
+++ b/x-pack/legacy/plugins/siem/server/lib/detection_engine/scripts/hard_reset.sh
@@ -14,3 +14,4 @@ set -e
 ./delete_all_alert_tasks.sh
 ./delete_signal_index.sh
 ./put_signal_index.sh
+./delete_all_api_keys.sh
\ No newline at end of file