RemoveFileWrapper
This script is part of the Malware Core Pack.
Supported versions
Supported Cortex XSOAR versions: 6.0.0 and later.
This script is a wrapper for Cortex XDR and CrowdStrike that removes files in a given path.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | basescript |
| Cortex XSOAR Version | 6.0.0 |
Inputs
| Argument Name | Description |
|---|---|
| device_ids | List of device IDs. |
| file_path | The file path of the file. |
Outputs
| Path | Description | Type |
|---|---|---|
| PaloAltoNetworksXDR.ScriptRun.action_id | The ID of the initiated action. | Number |
| PaloAltoNetworksXDR.ScriptRun.endpoints_count | The number of endpoints the action was initiated on. | Number |
| CrowdStrike.Command.rm.HostID | The host ID. | String |
| CrowdStrike.Command.rm.Error | The error message raised if the command failed. | String |
Script Examples
Example command
!RemoveFileWrapper device_ids=0bde2c4645294245aca522971ccc44c4 file_path=/tmp/a.txt
Context Example
Human Readable Output
Results Summary
| Instance | Command | Result | Comment |
|---|---|---|---|
| CrowdstrikeFalcon: CrowdstrikeFalcon_instance_1 | command: cs-falcon-rtr-remove-file args: host_ids: 0bde2c4645294245aca522971ccc44c4 file_path: /tmp/a.txt os: Linux | Success | |
| Cortex XDR - IR: Cortex XDR - IR_instance_1 | command: xdr-run-script-delete-file args: endpoint_ids: 0bde2c4645294245aca522971ccc44c4 file_path: /tmp/a.txt | Error | Error in API call [<XX_REPLACED>00] - Internal Server Error {"reply": {"err_code": <XX_REPLACED>00, "err_msg": "An error occurred while processing XDR public API - No endpoint was found for creating the requested action", "err_extra": "can't create group action id for SCRIPT_EXECUTION"}} |
| Cortex XDR - IR: Cortex XDR - IR_instance_1_copy | command: xdr-run-script-delete-file args: endpoint_ids: 0bde2c4645294245aca522971ccc44c4 file_path: /tmp/a.txt | Error | Error in API call [<XX_REPLACED>00] - Internal Server Error {"reply": {"err_code": <XX_REPLACED>00, "err_msg": "An error occurred while processing XDR public API - No endpoint was found for creating the requested action", "err_extra": "can't create group action id for SCRIPT_EXECUTION"}} |
CrowdStrike Falcon rm over the file: /tmp/a.txt
| HostID | Error |
|---|---|
| 0bde2c4645294245aca522971ccc44c4 | Success |
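The run above succeeds on one integration and errors on the other two, so a playbook should decide per device whether the file was actually removed rather than trust the wrapper as a whole. The following is an added example, not code from the Malware Core Pack: the function names, the nested context layout, and the sample values are assumptions built from the output paths and the table above.

```python
# Constructed sample context; the nesting is an assumption based on the
# output paths documented above, not a capture from a real incident.
SAMPLE_CONTEXT = {
    "CrowdStrike": {"Command": {"rm": [
        {"HostID": "0bde2c4645294245aca522971ccc44c4", "Error": "Success"},
    ]}},
    "PaloAltoNetworksXDR": {"ScriptRun": []},  # both XDR instances errored
}


def _as_list(value):
    """A context key may hold one dict or a list of dicts (assumed)."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _dig(context, *keys):
    """Walk nested dicts, returning None when any key is missing."""
    for key in keys:
        if not isinstance(context, dict):
            return None
        context = context.get(key)
    return context


def triage_removal(context, device_ids):
    """Classify each requested device as removed, failed or unconfirmed."""
    status = {device_id: "unconfirmed" for device_id in device_ids}
    for entry in _as_list(_dig(context, "CrowdStrike", "Command", "rm")):
        host = entry.get("HostID")
        if host in status:
            # The table above shows "Success" in the Error column on success.
            ok = entry.get("Error") == "Success"
            status[host] = "removed" if ok else "failed: " + str(entry.get("Error"))
    # The XDR outputs only report that an action was initiated and on how
    # many endpoints; they carry no per-host result, so they never upgrade
    # a device to "removed" here.
    xdr_runs = _as_list(_dig(context, "PaloAltoNetworksXDR", "ScriptRun"))
    initiated = sum(int(run.get("endpoints_count") or 0) for run in xdr_runs)
    return status, initiated
```

Devices left as "unconfirmed" or "failed" are the ones to follow up on, for example by checking the XDR action ID once it completes.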