Supported Cortex XSOAR versions: 6.6.0 and later.
This playbook is a sub-playbook within the containment plan playbook. The playbook quarantines files using core commands.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any integrations.
|Set to 'True' to quarantine the identified file.
|Choose 'Quarantine' or 'Delete' to avoid file remediation conflicts.
For example, choosing 'Quarantine' ignores the 'Delete file' task under the eradication playbook and will execute only file quarantine.
|The path of the file to block.
|The file hash to block.
|The endpoint ID to run commands over.
|Whether to execute containment plan automatically.
|The quarantined files from endpoint.