11-22-2021 01:06 AM
Hi all,
Can the XDR auto delete files it has flagged, be it by local analysis or wildfire analysis? Or does it just block and quarantine files?
11-22-2021 07:13 AM
Looks like in the new v3.1 version you can do this:
Permanently Delete Quarantined files (Requires a Cortex XDR agent 7.6 or a later release for Windows): To help you better manage malicious files which have been quarantined and avoid any potential mistake of restoring unwanted files, you can now permanently delete quarantined files on the endpoint from the File Quarantine Details page.
05-02-2023 12:04 AM
Hey! I want to ask more about it. What's the API call to delete a file at the endpoint, other than the quarantine file API?
05-02-2023 10:12 PM
Regarding your use case above, i.e. an API call to delete a file: you may run a script using the API to delete a file. There is a Python script named "delete_file" in the Script Library, which you can find at (Incident Response -> Response -> Action Center -> Agent Script Library). Using the API, you can specify the path of the file that needs to be deleted.
API Ref: https://cortex-panw.stoplight.io/docs/cortex-xdr/3675bfc1e315e-run-script
Hope this helps!
Please mark the response as "Accept as Solution" if it answers your query.
Regards.
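As an added example (not part of the reply above and not Palo Alto's code), this builds the authentication headers and request body for the Run Script call without sending anything, and rejects risky delete targets first. Assumptions: an Advanced API key, Windows endpoints, a script parameter named `file_path`, and placeholder values for the script UID and endpoint ID, which you would copy from your own tenant.

```python
import hashlib
import json
import ntpath
import secrets
import string
import time

RUN_SCRIPT_PATH = "/public_api/v1/scripts/run_script/"

def advanced_auth_headers(api_key, api_key_id, nonce=None, timestamp_ms=None):
    """Headers for an Advanced API key: SHA-256 over key + nonce + timestamp."""
    alphabet = string.ascii_letters + string.digits
    nonce = nonce or "".join(secrets.choice(alphabet) for _ in range(64))
    timestamp_ms = timestamp_ms or int(time.time() * 1000)
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode()).hexdigest()
    return {
        "x-xdr-auth-id": str(api_key_id),
        "x-xdr-nonce": nonce,
        "x-xdr-timestamp": str(timestamp_ms),
        "Authorization": digest,
        "Content-Type": "application/json",
    }

def build_delete_file_request(script_uid, endpoint_ids, file_path, timeout=600):
    """Validate the delete target, then return the run_script request body."""
    if not endpoint_ids:
        raise ValueError("name at least one endpoint explicitly")
    drive, rest = ntpath.splitdrive(file_path)
    if not drive or not rest.startswith("\\"):
        raise ValueError("file_path must be an absolute Windows path")
    if any(ch in file_path for ch in "*?") or ".." in file_path.split("\\"):
        raise ValueError("wildcards and '..' are rejected")
    if rest.rstrip("\\") == "":
        raise ValueError("refusing to target a drive root")
    return {"request_data": {
        "script_uid": script_uid,
        "timeout": timeout,
        "filters": [{"field": "endpoint_id_list", "operator": "in",
                     "value": list(endpoint_ids)}],
        # Assumption: the delete_file script takes a parameter named file_path.
        "parameters_values": {"file_path": file_path},
    }}

if __name__ == "__main__":
    # Placeholders, not real identifiers; the path is a constructed sample.
    body = build_delete_file_request("<SCRIPT_UID>", ["<ENDPOINT_ID>"],
                                     r"C:\Users\Public\sample.bin")
    print("POST", RUN_SCRIPT_PATH)
    print(json.dumps(body, indent=2))
```

Check the parameter name and script UID against the delete_file entry in the Agent Script Library before sending the body to the Run Script endpoint.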
05-02-2023 10:20 PM
04-22-2024 07:40 AM
Where did you find these scripts?