Skip to main content

Containment Plan - Quarantine File

This Playbook is part of the Common Playbooks Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.6.0 and later.

Containment Plan - Quarantine File#

This playbook is a sub-playbook within the containment plan playbook. The playbook quarantines files using core commands.


This playbook uses the following sub-playbooks, integrations, and scripts.


This playbook does not use any sub-playbooks.


This playbook does not use any integrations.


  • Set
  • PrintErrorEntry


  • core-get-quarantine-status
  • setParentIncidentContext
  • core-quarantine-files

Playbook Inputs#

NameDescriptionDefault ValueRequired
FileContainmentSet to 'True' to quarantine the identified file.TrueOptional
FileRemediationChoose 'Quarantine' or 'Delete' to avoid file remediation conflicts.
For example, choosing 'Quarantine' ignores the 'Delete file' task under the eradication playbook and will execute only file quarantine.
FilePathThe path of the file to block.Optional
FileHashThe file hash to block.Optional
EndpointIDThe endpoint ID to run commands over.Optional
AutoContainmentWhether to execute containment plan automatically.Optional

Playbook Outputs#

QuarantinedFilesFromEndpointsThe quarantined files from endpoint.unknown

Playbook Image#

Containment Plan - Quarantine File