Deleting a File from an Endpoint (SOAR Action in ServiceNow)

This SOAR action deletes a file from the endpoint in selected alerts.

This action can be run from an alert and from a device.
The file named in the threat_cause_actor_name field of the selected alerts is deleted. You must confirm the file deletion.
If you perform the action from the device, the file path must be added.
If this action is run on an alert that does not have a threat_cause_actor_name file attached to it, the action does not execute and a work note is added to the Incident.
If you try to perform the action and the file does not exist on the selected device, the error is populated in the work note.