Allow List Files

post /public_api/v1/hash_exceptions/allowlist

Add files which do not exist in the allow or block lists to an allow list.

Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB

CURL

  curl -X POST \

-H "Accept: application/json" \
 -H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/hash_exceptions/allowlist" \
 -d '{
  "request_data" : {
    "incident_id" : 0,
    "comment" : "comment",
    "hash_list" : [ "hash_list", "hash_list" ]
  }
}'
  

Request

Body

optional

Example:

{"request_data":{"hash_list":["032196FB1A---DFCF69E5D553F0","365296EB1B---FCF29E5D553E4","365296EB1B---FCF69E3D553E4","365296EB1B---FCF69E5D553D4","365296EB1B---FCF79E5D553D4"],"comment":"test","incident_id":5}}

request_data

required

A dictionary containing the API request fields.

hash_list

required

Array of strings

A list of hashed files you want to add to the allow list. Hash must be a valid SH256.

comment

optional

String

Additional information regarding the action.

incident_id

optional

Integer

The incident ID related to the hash. When included in the request, the Allow List action will appear in the Cortex XDR Incident View Timeline tab.

Responses

Successful response

Body

Bad Request. Got an invalid JSON.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.