Restore File
Restore a file on an endpoint.
Synopsis
URI | /public_api/v1/endpoints/restore/ |
HTTP Method | POST |
Required License | Cortex XDR Prevent or Cortex XDR Pro per Endpoint |
Description
Restore a quarantined file on the requested endpoints.
When filtering by multiple fields:
- Response is concatenated using AND condition (OR is not supported).
- Maximum result set size is 100.
- Offset is the zero-based number of incidents from the start of the result set.
Request Fields
The body of this request contains a JSON object with the following fields:
Field | Description |
---|---|
request_data | (Required) A dictionary containing the API request fields. |
file_hash | (Required) String that represents the file's hash. Hash must be a valid SHA256. |
endpoint_id | String that represents the endpoint ID. If you do not enter a specific endpoint ID, the request will run restore on all endpoints which relate to the quarantined file you defined. |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/endpoints/restore/ \
  -H "x-xdr-auth-id:{API_KEY_ID}" \
  -H "Authorization:{API_KEY}" \
  -H "Content-Type:application/json" \
  -d '{ "request_data":{ "file_hash":"<hash value>" } }'
Success Response
Upon success, the HTTP response code is 200.
Field | Description |
---|---|
reply | JSON object containing the query result. |
action_id | ID of action to restore selected endpoints. Response only indicates the request was successfully sent to the endpoint. To track if the file was restored successfully either: |
status | Integer representing whether the action: |
endpoints_count | Number of endpoints included in the request. |
Success Response Example
{ "reply": { "action_id":"<action ID>", "status": "1", "endpoints_count": "673" } }
Error Response
Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
HTTP Response Code | Description |
---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters. |
402 | Unauthorized access. User does not have the required license type to run this API. |
403 | Forbidden access. The provided API Key does not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
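The following Python helper is an added example, not part of the Cortex XDR documentation: it builds the restore request described above and parses both the success and the error reply format. The function names and the allow_all_endpoints guard are assumptions of this example; the guard exists because omitting endpoint_id runs the restore on all endpoints related to the quarantined file.

```python
import json
import re
import urllib.request

SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
RESTORE_PATH = "/public_api/v1/endpoints/restore/"  # URI from the synopsis


def build_restore_request(fqdn, key_id, key, file_hash, endpoint_id=None,
                          allow_all_endpoints=False):
    """Return an unsent POST request; raise ValueError on unsafe input."""
    if not SHA256_RE.fullmatch(file_hash):
        raise ValueError("file_hash must be a 64-character hex SHA256")
    if endpoint_id is None and not allow_all_endpoints:
        # Hypothetical guard: omitting endpoint_id restores the file on all
        # endpoints related to it, so require an explicit opt-in.
        raise ValueError("no endpoint_id; set allow_all_endpoints=True")
    request_data = {"file_hash": file_hash}
    if endpoint_id is not None:
        request_data["endpoint_id"] = endpoint_id
    return urllib.request.Request(
        f"https://api-{fqdn}{RESTORE_PATH}",
        data=json.dumps({"request_data": request_data}).encode(),
        headers={"x-xdr-auth-id": str(key_id), "Authorization": key,
                 "Content-Type": "application/json"},
        method="POST",
    )


def parse_restore_reply(http_status, body):
    """Return (action_id, endpoints_count); raise on the error format."""
    reply = json.loads(body)["reply"]
    if http_status != 200 or "err_code" in reply:
        raise RuntimeError(f"restore failed (HTTP {http_status}): "
                           f"{reply.get('err_msg')} / {reply.get('err_extra')}")
    return reply["action_id"], int(reply["endpoints_count"])


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_restore_request("example.invalid", 1, "KEY", "ab" * 32,
                                endpoint_id="ENDPOINT_ID_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
    ok = '{"reply": {"action_id": "42", "status": "1", "endpoints_count": "1"}}'
    print(parse_restore_reply(200, ok))
```

Pass the returned request to urllib.request.urlopen to send it; the 200 reply only confirms that the action was sent to the endpoint, as the action_id description states.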