Quarantine file on selected endpoints. You can select up to 1000 endpoints.
Note: A success response means that the request reached the defined endpoints. If the file is not found there, no quarantine action takes place. To confirm that the file has been quarantined, check the Cortex XDR Action Center.
When filtering by multiple fields:
- Response is concatenated using AND condition (OR is not supported).
- Maximum result set size is 1000.
- Offset is the zero-based number of incidents from the start of the result set.
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/endpoints/quarantine" \
  -d '{
    "request_data" : {
      "file_path" : "file_path",
      "file_hash" : "file_hash",
      "filters" : [ {
        "field" : "endpoint_id_list",
        "value" : [ "value", "value" ],
        "operator" : "in"
      }, {
        "field" : "endpoint_id_list",
        "value" : [ "value", "value" ],
        "operator" : "in"
      } ]
    }
  }'

{
  "reply": {
    "action_id": "[ID value]",
    "status": "1",
    "endpoints_count": "673"
  }
}
{"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"file_path":"C:\\\\test_x64.msi","file_hash":""}}
String that identifies a list the filters match. Filters are based on the following keywords:
- endpoint_id_list: List of endpoint IDs.
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
- in
  - endpoint_id_list: List of strings
Value that this filter must match. Valid keywords:
- endpoint_id_list: Array of strings
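Added example, not part of the Cortex XDR documentation: a Python sketch that splits a large endpoint list into request bodies that respect the 1000-endpoint limit and collects each reply's action_id for follow-up in the Action Center, since a success reply does not confirm quarantine. The function names, endpoint IDs, file path and hash placeholder are constructed for illustration; nothing is sent over the network.

```python
import json

MAX_ENDPOINTS = 1000  # per-request limit stated on this page


def build_quarantine_requests(endpoint_ids, file_path, file_hash):
    """Return request bodies, each targeting at most 1000 endpoints."""
    # Drop blanks and duplicates while preserving order, so the limit is
    # spent on distinct endpoints only.
    seen, ids = set(), []
    for eid in endpoint_ids:
        eid = eid.strip()
        if eid and eid not in seen:
            seen.add(eid)
            ids.append(eid)
    if not ids:
        raise ValueError("no endpoint IDs supplied")
    bodies = []
    for start in range(0, len(ids), MAX_ENDPOINTS):
        bodies.append({
            "request_data": {
                "file_path": file_path,
                "file_hash": file_hash,
                "filters": [{
                    "field": "endpoint_id_list",
                    "operator": "in",
                    "value": ids[start:start + MAX_ENDPOINTS],
                }],
            }
        })
    return bodies


def pending_actions(raw_replies):
    """Return (action_id, endpoints_count) pairs still to be verified.

    A reply only shows the request reached the endpoints; each action_id
    must be checked in the Action Center to confirm the quarantine.
    """
    pending = []
    for raw in raw_replies:
        reply = json.loads(raw)["reply"]
        pending.append((reply["action_id"], int(reply["endpoints_count"])))
    return pending


if __name__ == "__main__":
    ids = [f"endpoint-{n:04d}" for n in range(2500)]  # constructed IDs
    bodies = build_quarantine_requests(ids, "C:\\Temp\\sample.msi", "<file_hash>")
    print([len(b["request_data"]["filters"][0]["value"]) for b in bodies])
    sample = '{"reply": {"action_id": "[ID value]", "status": "1", "endpoints_count": "673"}}'
    print(pending_actions([sample]))
```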