Restore File
Restore a file on an endpoint.
Synopsis
URI | /public_api/v1/endpoints/restore/ |
HTTP Method | POST |
Required License | Cortex XDR Prevent,
Cortex XDR Pro per Endpoint, or Cortex XDR Pro per TB |
Request Fields
The body of this request
contains a JSON object with the following fields:
Field | Description |
---|---|
request_data | ( Required ) A dictionary containing
the API request fields. |
file_hash | ( Required ) String that represents
the file in hash. Hash must be a valid SHA256. |
endpoint_id | String representing the endpoint ID. If
you do not enter a specific endpoint ID, the request will run restore
on all endpoints which relate to the quarantined file you defined. |
incident_id | String representing the incident ID. When
included in the request, the Restore File action will appear in
the Cortex XDR Incident View Timeline tab. |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/endpoints/restore/ \ -H "x-xdr-auth-id:{API_KEY_ID}" \ -H "Authorization:{API_KEY}" \ -H "Content-Type:application/json" \ -d '{ "request_data":{ "file_hash":"<hash value>", "incident_id": 302 } }'
Success Response
Upon success,
the HTTP response code is 200.
Field | Description |
---|---|
reply | JSON object containing the query result. |
action_id | ID of action to restore selected endpoints. Response
only indicates the request was successfully sent to the endpoint.
To track if the file was restored successfully either:
|
status | Integer representing whether the action:
|
endpoints_count | Number of endpoints included in the request. |
Success Response Example
{ "reply": { "action_id":"<action ID>", "endpoints_count": "673" } }
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and additional
information describing the error. The HTTP response code is one
of the following:
Field | Description |
---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication.
This can indicate an incorrect key, id, or other invalid authentication
parameters. |
402 | Unauthorized access. User does not have the
required license type to run this API. |
403 | Forbidden access. The provided API Key does
not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for
API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.