Download the freshly created xdr-distribution-file

Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Download the freshly created xdr-distribution-file

L3 Networker


I'm looking for an autmoatisation, where I'm able to download the freshly created xdr-distribution-file.
In my Playbook I've created following steps:


Now, the last step tells me an URL to download the xdr-file.
I would like to download that file to put it on out internal server for our client developers.
Does anyone have an Idea, how I may get that file?



Hi @r_buchwalder ,

Have you checked XDR API reference documentation -

If I understand your question all information should be already there.

Just reading the docs it seems the flow should be as follow:

- Make Create distribution API call (Create Distributions • Cortex XDR API Reference • Reader • Palo Alto Networks documentation portal), which will return distribution ID

- Make Get Distribution Status API call providing the ID from previous call. This will tell you if package is ready for download or still creating. You probably need to loop this until status is ready

- Make Get Distribution URL API call providing the same ID. This will return URL from which you can then download the package.

Hello @aleksandar.astardzhiev 

That is exactly what I did. But now, I would like to download that file in xsoar and put it on an smb share.

The URL I get need a Palo-Login...

Is there an automated way to get that file within xsoar?




Hi @r_buchwalder,


The URL provided in the response from the "Get Distribution URL" API is signed and only lasts for a short amount of time. You can download the file by making a GET or POST request directly to that URL with the standard headers (Authorization, x-xdr-auth-id) as you would for any other XDR API call.

For example, here is how you can make such a request with curl to download the installation package from the distribution_url:

curl --location --request POST 'DISTRIBUTION_URL_GOES_HERE' \
--header 'Authorization: API_KEY_GOES_HERE' \
--header 'x-xdr-auth-id: API_KEY_ID_GOES_HERE' \
--output '/path/to/file.msi'


I hope this helps!




Hello Tim


If I do that with the curl-trick; I get this as response:
{"reply": {"err_code": 401, "err_msg": "Public API request unauthorized", "err_extra": null}}
The key-ID and keys are all the same.

If I call the URL directly in a Browser, I get also a HTTP 401 error. 



  • 4 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!