Skip to main content

Cortex XDR - kill process

This Playbook is part of the Palo Alto Networks Cortex XDR - Investigation and Response Pack.#

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

Initiates a new endpoint script execution kill process and retrieves the results.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Cortex XDR - Check Action Status


  • CortexXDRIR


This playbook does not use any scripts.


  • xdr-run-script-kill-process
  • xdr-get-script-execution-results

Playbook Inputs#

NameDescriptionDefault ValueRequired
endpoint_idA comma-separated list of endpoint IDs.Optional
process_nameA comma-separated list of process names to kill.
Process will be killed on all provided endpoint ids.
script_timeoutThe timeout in seconds for this execution.
(Default is: '600')
polling_timeoutAmount of time to poll action status before declaring a timeout and resuming the playbook (in minutes).10Optional

Playbook Outputs#

PaloAltoNetworksXDR.ScriptResult.results._return_valueValue returned by the script in case the type is not a dictionary.unknown
PaloAltoNetworksXDR.ScriptResult.results.standard_outputThe STDOUT and the STDERR logged by the script during the execution.unknown

Playbook Image#

Cortex XDR - kill process