Delete Endpoints

post /public_api/v1/endpoints/delete

Delete selected endpoints in the Cortex XDR app. You can delete up to 1000 endpoints.

Note: Endpoints are deleted from the Cortex XDR app web interface, however they still exist in the database.

When filtering by multiple fields: - Response is concatenated using AND condition (OR is not supported). - Maximum result set size is 1000. - Offset is the zero-based number of incidents from the start of the result set.

Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint

CURL

  curl -X POST \

-H "Accept: application/json" \
 -H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/endpoints/delete" \
 -d '{
  "request_data" : {
    "filters" : [ {
      "field" : "field",
      "value" : [ "value", "value" ],
      "operator" : "in"
    }, {
      "field" : "field",
      "value" : [ "value", "value" ],
      "operator" : "in"
    } ]
  }
}'
  

Request

Body

optional

Example: {"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}]}}

request_data

optional

filters

optional

Array

Array of filter fields.

field

required

String

String that identifies a list the filters match. Filters are based on the following keywords:

endpoint_id_list: List of endpoint IDs.

operator

required

String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

endpoint_id_list: List of strings

Allowed values:

value

required

Array of strings

Value that this filter must match. Valid keywords:

endpoint_id_list: List of strings

Responses

Successful response

Bad Request. Got an invalid JSON.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body

The query result upon error.

err_code

optional

String

HTTP response code.

err_msg

optional

String

Error message.

Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}

err_extra

optional

String

Additional information describing the error.