File Retrieval Details

Cortex XDR REST API

post /public_api/v1/actions/file_retrieval_details

View the API required to call in order to download the file retrieved by the Retrieve File API request according to the action ID.

Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB

The response contains a file hash you need to download and then unzip to view: 1. Download the file.

curl curl -XPOST "https://api-{fqdn}/public_api/v1/download/<api_value>" -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H 'Content-Type:application/json' --output /tmp/file.zip 2. Unzip the file: unzip /tmp/file.zip

Body parameters
request_dataObjectrequired

A dictionary containing the API request fields.

group_action_idString

The action ID of the Retrieve File API response.

REQUEST BODY
{ "request_data": { "group_action_id": "<action ID>" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/actions/file_retrieval_details'
-d ''
Responses

Successful response

Body
replyObject
dataObject
endpoint_IDString

API required to call in order to download the retrieved result.

RESPONSE
{ "reply": { "data": { "<endpoint_ID>": "https://api-{fqdn}/public_api/v1/download/<api_value>" } } }

Bad Request. Got an invalid JSON.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. User does not have the required license type to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Internal server error. A unified status for API communication type errors.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }