Get Script Execution Results
Retrieve the results of a script execution action.
Synopsis
URI | /public_api/v1/scripts/get_script_execution_results/ |
HTTP Method | POST |
Required License | Cortex XDR Pro per Endpoint |
Description
Retrieve the results of a
script execution action.
Request Fields
The body of this request
contains a JSON object with the following fields:
Field | Description |
---|---|
request_data | ( Required ) A dictionary containing the
API request fields. |
action_id | ( Required ) Integer, identifier
of the action, can be found in Cortex XDR console Response Action Center Action ID |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/scripts/get_script_execution_results/ \ -H "x-xdr-auth-id:{API_KEY_ID}" \ -H "Authorization:{API_KEY}" \ -H "Content-Type:application/json" \ -d '{ "request_data":{"action_id": "<action ID>"} }'
Success Response
Upon success,
the HTTP response code is 200.
Field | Description |
---|---|
reply | JSON object containing the query result. |
script_name | String, name of the script executed. |
script_description | String, description of the script executed. |
script_parameters | Array, name and value of
each input parameter used in this execution. |
date_created | Timestamp in which the action was initiated. |
scope | String, number of endpoints including in
this action, with the filter used to select them. |
error_message | String, error message regarding permissions
for running APIs. |
results | Array, for each endpoint Cortex XDR displays
any returned value by the script. Then number of the results and
their name are dynamic per script:
|
Success Response Example
{ "reply":{ "script_name":"snippet script", "script_description":null, "script_parameters":[ ], "date_created":"2020-03-29 13:21:59", "scope":"win_10and 21 other endpoints", "error_message":"", "results":[ { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"LOST", "domain":"aaaa", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null }, { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"LOST", "domain":"<domain name>", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null }, { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"DISCONNECTED", "domain":"WORKGROUP", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null } ] } }
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and
additional information describing the error. The HTTP response code
is one of the following:
Field | Description |
---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication.
This can indicate an incorrect key, id, or other invalid authentication
parameters. |
402 | Unauthorized access. User does not have the
required license type to run this API. |
403 | Forbidden access. The provided API Key does
not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for
API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Recommended For You
Recommended Videos
Recommended videos not found.