Remove one or more tags from one or more endpoints.
Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/tags/agents/remove" \
-d '{
"request_data" : {
"filters" : [ {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
}, {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
} ],
"tag" : "tag"
}
}'
{"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"tag":""}}
String that identifies the field the filter is matching. Filters are based on the following keywords:
endpoint_id_list: List of endpoint IDs.endpoint_status: Status of the endpoint ID.dist_name: Distribution / Installation Package name.ip_list: List of IP addresses.group_name: Group name the agent belongs to.platform: Platform name.alias: Alias name.isolate: If the endpoint was isolated.hostname: Hostname
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
endpoint_id_list,dist_name,group_name,alias,hostname,username: List of strings.endpoint_status: Permitted values areconnectedordisconnected.ip_list: List of strings, for example 192.168.5.12.platform: Permitted values arewindows,linux,macos, orandroid.isolate: Permitted values areisolatedorunisolated.scan_status: Permitted values arenone,pending,in_progress,canceled,aborted,pending_cancellation,success, orerror.gte/ltefirst_seenandlast_seen: Integer in timestamp epoch milliseconds.
Value that this filter must match. The contents of this field will differ depending on the endpoint field that you specified for this filter:
endpoint_id_list,distribution_name,hostname,alias,group_name: List of strings.endpoint_status: Must contain only the following valid values:connectedordisconnectedip_list: String list of IP addresses.platform: Must contain only the following valid values:windows,linux,macos, orandroid.isolate: Must contain only the following valid values:isolatedorunisolated.
Successful response
Bad Request. Got an invalid JSON.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. User does not have the required license type to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Unauthorized access. User does not have the required license type to run this API.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
Internal server error. A unified status for API communication type errors.
{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}