File Retrieval Details

View the API used to retrieve the file.

Synopsis

URI
/public_api/v1/actions/file_retrieval_details/
HTTP Method
POST
Required License
Cortex XDR Prevent or Cortex XDR Pro per Endpoint

Description

View the API required to call in order to download the file retrieved by the Retrieve File request according to the action ID.

Request Fields

The body of this request contains a JSON object with the following fields:
Field
Description
request_data
(
Required
) A dictionary containing the API request fields.
group_action_id
(
Required
) String the represents the Action ID of the Retrieve File API response.
Request Example
curl -XPOST "https://api-{fqdn}/public_api/v1/actions/file_retrieval_details/" -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H 'Content-Type:application/json' -d '{ "request_data": { "group_action_id":<action ID> } }'
Code copied to clipboard
Unable to copy due to lack of browser support.

Success Response

Upon success, the HTTP response code is 200.
Field
Description
reply
JSON object containing the query result.
  • data
    — API required to call in order to download the retrieved file.
Success Response Example
Response Example
{ "reply": { "data": { "<endpoint_ID>": "https://api-{fqdn}/public_api/v1/download/<api_value>" } } }
Code copied to clipboard
Unable to copy due to lack of browser support.
The response contains a file hash you need to download and then unzip to view.
  1. Download the file.
    Request Example
    curl -XPOST "https://api-{fqdn}/public_api/v1/download/<api_value>" -H "x-xdr-auth-id:{API_KEY_ID}" -H "Authorization:{API_KEY}" -H 'Content-Type:application/json' --output /tmp/file.zip
    Code copied to clipboard
    Unable to copy due to lack of browser support.
  2. Unzip the file.
    unzip /tmp/file.zip
    Code copied to clipboard
    Unable to copy due to lack of browser support.

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Field
Description
400
Bad Request. Got an invalid JSON.
401
Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
402
Unauthorized access. User does not have the required license type to run this API.
403
Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
500
Internal server error. A unified status for API communication type errors.
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Code copied to clipboard
Unable to copy due to lack of browser support.

Recommended For You