Get Disable Prevention Modules

Cortex XDR REST API
post /public_api/v1/disable_prevention/get_modules

Returns a list of available modules for a specific platform.

Request headers
Authorization String required

{api_key}
Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}
Example: 241
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' -H 'x-xdr-auth-id: 241'
'https://api-yourfqdn/public_api/v1/disable_prevention/get_modules'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"platform\":\"string\"}}" headers = { 'Authorization': "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", 'x-xdr-auth-id': "241", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/disable_prevention/get_modules", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/disable_prevention/get_modules") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' request["x-xdr-auth-id"] = '241' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"platform\":\"string\"}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "platform": "string" } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/disable_prevention/get_modules"); xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); xhr.setRequestHeader("x-xdr-auth-id", "241"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/disable_prevention/get_modules") .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ") .header("x-xdr-auth-id", "241") .header("content-type", "application/json") .body("{\"request_data\":{\"platform\":\"string\"}}") .asString();
import Foundation let headers = [ "Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "x-xdr-auth-id": "241", "content-type": "application/json" ] let parameters = ["request_data": ["platform": "string"]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/disable_prevention/get_modules")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/disable_prevention/get_modules", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"platform\":\"string\"}}", CURLOPT_HTTPHEADER => [ "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "content-type: application/json", "x-xdr-auth-id: 241" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/disable_prevention/get_modules"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); headers = curl_slist_append(headers, "x-xdr-auth-id: 241"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"platform\":\"string\"}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/disable_prevention/get_modules"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); request.AddHeader("x-xdr-auth-id", "241"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"platform\":\"string\"}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobjectrequired
platformstring

Indicates the operating system to which the rule applies. For example, windows, linux, or macos.

REQUEST
{ "request_data": { "platform": "windows" } }
{ "request_data": { "platform": "macos" } }
Responses

OK

Body
application/json
replyarray
[
module_idinteger

Module ID associated with the rule.

Example:1
namestring

Name of the security module.

Example:"DLL Security"
descriptionstring

Description of the disable prevention rule.

Example:"Memory Corruption Exploit"
profile_typestring

Type of security profile.

Example:"Exploit"
conditions_definitionobject

A combination of parameters configured during rule creation.

propertiesobject
hashobject

SHA256 hash

typestring
descriptionstring
Example:"Hash"
pathobject

Path to the required files or folders

typestring
descriptionstring
Example:"Files / Folders"
minLengthinteger
Example:1
commandobject

Command line argument

typestring
descriptionstring
Example:"Command Line"
minLengthinteger
Example:1
signerobject

Trusted signer

typestring
descriptionstring
Example:"Signer Name"
minLengthinteger
Example:1
sign_thumbprintobject

Certificate thumbprint

typestring
descriptionstring
Example:"Certificate Thumbprint"
minLengthinteger
Example:1
additionalPropertiesboolean
minPropertiesinteger
Example:1
]
RESPONSE
{ "reply": [ { "module_id": 1, "name": "DLL Security", "description": "Memory Corruption Exploit", "profile_type": "Exploit", "conditions_definition": { "properties": { "hash": { "type": "string", "description": "Hash" }, "path": { "type": "string", "description": "Files / Folders", "minLength": 1 }, "command": { "type": "string", "description": "Command Line", "minLength": 1 }, "signer": { "type": "string", "description": "Signer Name", "minLength": 1 }, "sign_thumbprint": { "type": "string", "description": "Certificate Thumbprint", "minLength": 1 } } }, "additionalProperties": false, "minProperties": 1 } ] }