Retrieve files from selected endpoints. You can retrieve up to 20 files, from no more than 10 endpoints.
- Response is concatenated using AND condition (OR is not supported).
- Offset is the zero-based number of incidents from the start of the result set.
Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint
request_data (Object, required)
A dictionary containing the API request fields.
filters (Array)
An array of filter fields.
field (String, Enum)
Identifies the field the filter must match:
- endpoint_id_list
operator (String, Enum)
Identifies the comparison operator you want to use for this filter. Valid keywords and values are:
- in: 'endpoint_id_list'
value (Array[string])
Value that this filter must match. Valid keywords:
- 'endpoint_id_list': List of strings.
files (Object)
One of the operating system types must be included.
windows (Array[string])
linux (Array[string])
macos (Array[string])
incident_id (String)
Incident ID. When included in the request, the Retrieve File action will appear in the Cortex XDR Incident View Timeline tab.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/endpoints/file_retrieval' \
  -d ''
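The following is an added example, not part of the original reference: a Python helper that builds the request body from the fields documented above and enforces the stated limits (20 files, 10 endpoints, at least one operating system type) before anything is sent. The function name, the sample endpoint IDs and paths, the nesting of filters, files and incident_id under request_data, and the reading of the 20-file limit as a total across all operating system lists are assumptions.

```python
import json

MAX_FILES = 20        # page: "up to 20 files"
MAX_ENDPOINTS = 10    # page: "no more than 10 endpoints"
OS_KEYS = ("windows", "linux", "macos")


def build_file_retrieval_body(endpoint_ids, files, incident_id=None):
    """Validate inputs against the documented limits and return the JSON body."""
    ids = list(dict.fromkeys(endpoint_ids))  # de-duplicate, keep order
    if not ids or not all(isinstance(i, str) and i for i in ids):
        raise ValueError("endpoint_id_list must be a non-empty list of strings")
    if len(ids) > MAX_ENDPOINTS:
        raise ValueError(f"{len(ids)} endpoints requested, limit is {MAX_ENDPOINTS}")

    unknown = set(files) - set(OS_KEYS)
    if unknown:
        raise ValueError(f"unknown operating system key(s): {sorted(unknown)}")
    # Keep only OS types that actually list paths; one must remain.
    selected = {k: list(files[k]) for k in OS_KEYS if files.get(k)}
    if not selected:
        raise ValueError("files must include at least one of " + ", ".join(OS_KEYS))
    paths = [p for plist in selected.values() for p in plist]
    if not all(isinstance(p, str) and p for p in paths):
        raise ValueError("every file path must be a non-empty string")
    # Assumption: the 20-file limit counts paths across all OS lists together.
    if len(paths) > MAX_FILES:
        raise ValueError(f"{len(paths)} files requested, limit is {MAX_FILES}")

    request_data = {
        "filters": [{"field": "endpoint_id_list", "operator": "in", "value": ids}],
        "files": selected,
    }
    if incident_id is not None:
        request_data["incident_id"] = str(incident_id)  # documented as String
    return {"request_data": request_data}


if __name__ == "__main__":
    # Constructed sample values, not real endpoint IDs or paths.
    body = build_file_retrieval_body(
        ["endpoint-id-0001", "endpoint-id-0002"],
        {"windows": [r"C:\Users\Public\sample.log"], "linux": ["/var/log/sample.log"]},
        incident_id=4,
    )
    print(json.dumps(body, indent=2))
```

The printed JSON is the value to pass to curl's -d option in the request above.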