Note  Due to a current limitation with the XML parser, the module is not supported on Windows Endpoints that run on a 64-bit operating system.

Def:	GetFilePathFromXML(IncidentXml)
Description:	Reads and analyses the incident details from the provided XML file.

Params:	IncidentXml	Unicode	The path to the XML file containing the incident details.
Returns: tuple	0	Unicode	"NETWORK" or "ENDPOINT", depends on the discovery location.
	1	Unicode	The absolute file path. On the endpoint it will have the UNC form \\hostname\C\path\to\file.
	2	Unicode	True.

Def:	RunCommand(Command, FilePath)
Description:	Runs a command, ignores the output and logs any errors.

Params:	Command	Unicode	A command to execute. The string should contain the string "$filepath$" which would be replaced with the FilePath parameter.
	FilePath	Unicode	A path given as a parameter to the command. If no path is given, it must be an empty string.
Returns:	None

Def:	ProcessDicoveryIncident(IncidentXml, Command)
Description:	Runs a command, providing the incident file name as a parameter. This is quite useful to run commands that expect the original file as one of its parameters.

Params:	IncidentXML	Unicode	The path of the incident XML file.
	Command	Unicode	A command to execute. The string should contain the string "$filepath$" which would be replaced with the actual filename in the incident XML.
Returns:	None

Def:	MoveDiscoveryIncident (IncidentXml, Location, RemoveFile, DaysKeepActiveFiles, QuarentineMsg)
Description:	Move the file pointed to by the incident into a folder. The file will be moved by copying it to the destination folder and then overwriting the original with a text message. Alternatively the file can be copied. The file is checked for access before it is copied / moved and will not be moved if it is accessed recently.

Params:	IncidentXML	Unicode	The path of the incident XML file.
	Location	Unicode	A command to execute. The string should contain the string "$filepath$" which would be replaced with the actual filename in the incident XML.
	RemoveFile	bool	If True, the original file is moved. If False – it is only copied.
	DaysKeepActiveFiles	Int	Don't move the file if it was accessed within this number of days.
	QuarantineMsg	str	A string which will replace the original file. Should be formatted according to the way the file will look. The file will always have a .txt extension so make sure it can be opened in Notepad – for example if you want the message to be in Unicode you must encode it as UTF-8 or UTF-16 with BOM.
Returns:	None