Block List Files

Add requested files to a block list.

Synopsis

URI
/public_api/v1/hash_exceptions/blocklist/
HTTP Method
POST
Required License
Cortex XDR Prevent or Cortex XDR Pro per Endpoint

Description

Add files which do not exist in the allow or block lists to a block list.

Request Fields

The body of this request contains a JSON object with the following fields:
Field
Description
request_data
(
Required
) A dictionary containing the API request fields.
hash_list
(
Required
) String that represents a list of hashed files you want add to a block list. Hash must be a valid SH256.
comment
String that represents additional information regarding the action.
incident_id
Integer that represents the incident ID related to the hash.
When included in the request, the Block List action will appear in the Cortex XDR Incident View Timeline tab.
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/hash_exceptions/blocklist/ \ -H "x-xdr-auth-id:{API_KEY_ID}" \ -H "Authorization:{API_KEY}" \ -H "Content-Type:application/json" \ -d '{ "request_data":{ "hash_list":[ "032196FB1A---DFCF69E5D553F0", "365296EB1B---FCF69E7D553E4", "365296EB1B---FCF69E5D523E4", "365296EB1B---FCF69E5D553D4", "365296EB1B---FCF63E5D553D4" ], "comment":"test", "incident_id":5 } }'
Code copied to clipboard
Unable to copy due to lack of browser support.

Success Response

Upon success, the HTTP response code is 200.
Field
Description
reply
JSON object containing the query result.
  • true
    —File successfully added to block list
Success Response Example
{ "reply": {true} }
Code copied to clipboard
Unable to copy due to lack of browser support.

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Field
Description
400
Bad Request. Got an invalid JSON.
401
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
402
Unauthorized access. User does not have the required license type to run this API.
403
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
500
Internal server error. A unified status for API communication type errors.
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Code copied to clipboard
Unable to copy due to lack of browser support.

Recommended For You