Add files which do not exist in the allow or block lists to an allow list.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
Authorization
String
required
authorization_example
x-xdr-auth-id
String
required
xXdrAuthId_example
Accept-Encoding
String
acceptEncoding_example
request_dataObjectrequired
A dictionary containing the API request fields.
hash_listArray[string]
A list of hashed files you want to add to the allow list. Hash must be a valid SH256.
commentString
Additional information regarding the action.
incident_idInteger
The incident ID related to the hash. When included in the request, the Allow List action will appear in the Cortex XDR Incident View Timeline tab.
{
"request_data": {
"hash_list": [
"032196FB1A---DFCF69E5D553F0",
"365296EB1B---FCF29E5D553E4",
"365296EB1B---FCF69E3D553E4",
"365296EB1B---FCF69E5D553D4",
"365296EB1B---FCF79E5D553D4"
],
"comment": "test",
"incident_id": 5
}
}
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: authorization_example'
-H
'x-xdr-auth-id: xXdrAuthId_example'
-H
'Accept-Encoding: acceptEncoding_example'
'https://api-yourfqdn/public_api/v1/hash_exceptions/allowlist'
-d
''
Successful response
falseBad Request. Got an invalid JSON.
err_codeString
HTTP response code.
err_msgString
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extraString
Additional information describing the error.
{
"err_code": "err_code_example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "err_extra_example"
}Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
err_codeString
HTTP response code.
err_msgString
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extraString
Additional information describing the error.
{
"err_code": "err_code_example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "err_extra_example"
}Unauthorized access. User does not have the required license type to run this API.
err_codeString
HTTP response code.
err_msgString
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extraString
Additional information describing the error.
{
"err_code": "err_code_example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "err_extra_example"
}Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
err_codeString
HTTP response code.
err_msgString
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extraString
Additional information describing the error.
{
"err_code": "err_code_example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "err_extra_example"
}Internal server error. A unified status for API communication type errors.
err_codeString
HTTP response code.
err_msgString
Error message.
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extraString
Additional information describing the error.
{
"err_code": "err_code_example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "err_extra_example"
}