Skip to main content
Adds files which do not exist in the allow or block lists to a block list.
External DocumentationTo learn more, visit the Cortex XDR documentation.

Parameters

ParameterDescription
CommentAdditional information regarding the action.
File Hashes ListA comma-separated list of file hashes which will be added to a block list.
Incident IDString representing the incident ID.

When included in the request, the Isolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab.

Example Output

true

Workflow Library Example

Add Files to Block List with Cortex Xdr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I