post
/public_api/v1/hash_exceptions/allowlist
Add files which do not exist in the allow or block lists to an allow list.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/hash_exceptions/allowlist" \
-d '{
"request_data" : {
"incident_id" : 0,
"comment" : "comment",
"hash_list" : [ "hash_list", "hash_list" ]
}
}'
Request
Body
optional
Example:
{"request_data":{"hash_list":["032196FB1A---DFCF69E5D553F0","365296EB1B---FCF29E5D553E4","365296EB1B---FCF69E3D553E4","365296EB1B---FCF69E5D553D4","365296EB1B---FCF79E5D553D4"],"comment":"test","incident_id":5}}
request_data
required
A dictionary containing the API request fields.
hash_list
required
Array
of strings
A list of hashed files you want to add to the allow list. Hash must be a valid SH256.
comment
optional
String
Additional information regarding the action.
incident_id
optional
Integer
The incident ID related to the hash.
When included in the request, the Allow List action will appear in the Cortex XDR Incident View Timeline tab.
Responses