Delete a Forensic Data Ingestion Tool

Note

To use the data ingestion tool features, you can add the DFIR package to your instance of the Cybereason platform for an additional cost or request an Express IR environment (partners only). Contact your Customer Success representative to request access to this package or for details on how to submit the request, see How to Request a Cybereason Express IR Environment.

Endpoint URL: https://<your server>/rest/forensics/deleteForensicTool
Endpoint URI: forensics/deleteForensicTool

Action: POST

Enables you to delete a forensic data ingestion tool from endpoint machines.

This request is supported for versions 21.2.221 and higher.

You must have the Responder L2 role assigned for your Cybereason user to run this request.

Note

Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.

Request Headers

You must add a Content-Type:application/json header with the request.

Note

If you are using cURL, add the authorization cookie details or the path to the file containing the cookie details as part of every request.


Request Body

Input: JSON

Download JSON syntax file

Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.

{
    "toolName":"<tool name>"
}

Request Parameters

URL/URI parameters: none

Request Body Parameters: You must add a string value for the forensic data package name to delete in the required toolName key. To retrieve a list of supported packages, see Retrieve a List of Supported Forensics Ingestion Tools.


Response Status Codes

This request can return the following status codes:

  • 200: The request succeeded

  • 400: Bad request parameters

  • 403: Lack of permissions to perform the request

  • 500: Internal error on Perspective Server

  • 503: Forensics/IRTools service is disabled


Response Success Schema

The response contains a message Forensic tool <tool name> delete request was submitted successfully.


Response Failure Schema

An error code with a description of the error.


Example: Remove a forensic data ingestion tool from endpoint machines

Request

curl --request POST \
  --url https://12.34.56.78/rest/forensics/deleteForensicTool \
  --data '{
            "toolName": "CustomPrefetchOfflineCollector"
          }'

Response

Forensic tool CustomPrefetchOfflineCollector delete request was submitted successfully