Get Script Execution Results

Retrieve the results of a script execution action.

Synopsis

URI: /public_api/v1/scripts/get_script_execution_results/
HTTP Method: POST
Required License: Cortex XDR Pro per Endpoint

Description

Retrieve the results of a script execution action.

Request Fields

The body of this request contains a JSON object with the following fields:
Field - Description
request_data - (Required) A dictionary containing the API request fields.
action_id - (Required) Integer, identifier of the action. It can be found in the Cortex XDR console under Response > Action Center, in the Action ID field.
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/scripts/get_script_execution_results/ \
  -H "x-xdr-auth-id:{API_KEY_ID}" \
  -H "Authorization:{API_KEY}" \
  -H "Content-Type:application/json" \
  -d '{ "request_data":{"action_id": "<action ID>"} }'

Success Response

Upon success, the HTTP response code is 200.
Field - Description
reply - JSON object containing the query result.
script_name - String, name of the script executed.
script_description - String, description of the script executed.
script_parameters - Array, name and value of each input parameter used in this execution.
date_created - Timestamp at which the action was initiated.
scope - String, number of endpoints included in this action, with the filter used to select them.
error_message - String, error message regarding permissions for running APIs.
results - Array, for each endpoint Cortex XDR displays any value returned by the script. The number of results and their names are dynamic per script:
  • endpoint_name - Endpoint name
  • endpoint_ip_address - Endpoint IP address
  • endpoint_status - Endpoint status
  • domain - Domain to which the endpoint belongs
  • endpoint_id - Endpoint ID
  • execution_status - Execution status of this endpoint
  • return_value - Value returned by the script in case the type is not a dictionary
  • standard_output - The STDOUT + STDERR logged by the script during the execution
  • retrieved_files - Number of successfully retrieved files
  • failed_files - Number of files that failed to be retrieved
  • retention_date - Timestamp at which the retrieved files will be deleted from the server
Success Response Example
{
  "reply":{
    "script_name":"snippet script",
    "script_description":null,
    "script_parameters":[ ],
    "date_created":"2020-03-29 13:21:59",
    "scope":"win_10and 21 other endpoints",
    "error_message":"",
    "results":[
      {
        "endpoint_name":"<name>",
        "endpoint_ip_address":[ "<IP address>" ],
        "endpoint_status":"LOST",
        "domain":"aaaa",
        "endpoint_id":"<endpoint ID>",
        "execution_status":"PENDING",
        "standard_output":null,
        "retrieved_files":0,
        "failed_files":0,
        "retention_date":null
      },
      {
        "endpoint_name":"<name>",
        "endpoint_ip_address":[ "<IP address>" ],
        "endpoint_status":"LOST",
        "domain":"<domain name>",
        "endpoint_id":"<endpoint ID>",
        "execution_status":"PENDING",
        "standard_output":null,
        "retrieved_files":0,
        "failed_files":0,
        "retention_date":null
      },
      {
        "endpoint_name":"<name>",
        "endpoint_ip_address":[ "<IP address>" ],
        "endpoint_status":"DISCONNECTED",
        "domain":"WORKGROUP",
        "endpoint_id":"<endpoint ID>",
        "execution_status":"PENDING",
        "standard_output":null,
        "retrieved_files":0,
        "failed_files":0,
        "retention_date":null
      }
    ]
  }
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
Field - Description
400 - Bad Request. Got an invalid JSON.
401 - Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
402 - Unauthorized access. User does not have the required license type to run this API.
403 - Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
500 - Internal server error. A unified status for API communication type errors.
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
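
Added example (not part of the original page and not Palo Alto Networks code): a Python function that parses a response body from this endpoint, raises on the documented error format or a non-empty error_message, tallies execution_status per endpoint, and separates script-specific result keys from the documented per-endpoint fields. The sample bodies, the endpoint IDs, the `open_ports` key and the `<other status>` value are constructed assumptions.

```python
import json
from collections import Counter

# Per-endpoint fields documented on this page; any other key in a result is a
# script-specific return value (result names are dynamic per script).
DOCUMENTED = {
    "endpoint_name", "endpoint_ip_address", "endpoint_status", "domain",
    "endpoint_id", "execution_status", "return_value", "standard_output",
    "retrieved_files", "failed_files", "retention_date",
}

class XdrApiError(Exception):
    """Raised for the documented error format or a non-empty error_message."""

def summarize_results(http_status, body):
    payload = json.loads(body)
    reply = payload.get("reply") if isinstance(payload, dict) else None
    if not isinstance(reply, dict):
        raise XdrApiError(f"HTTP {http_status}: no reply object in body")
    if http_status != 200 or "err_code" in reply:
        raise XdrApiError(f"HTTP {http_status}: {reply.get('err_code')} "
                          f"{reply.get('err_msg')} ({reply.get('err_extra')})")
    if reply.get("error_message"):  # permission problem reported inside a 200
        raise XdrApiError(reply["error_message"])
    statuses, script_fields, failed = Counter(), {}, []
    for res in reply.get("results", []):
        statuses[res.get("execution_status")] += 1
        extra = {k: v for k, v in res.items() if k not in DOCUMENTED}
        if extra:
            script_fields[res.get("endpoint_id")] = extra
        if res.get("failed_files"):  # at least one file was not retrieved
            failed.append(res.get("endpoint_id"))
    return {"statuses": dict(statuses), "script_fields": script_fields,
            "failed_file_endpoints": failed}

# Constructed sample bodies (not captured from a real tenant).
SAMPLE_OK = json.dumps({"reply": {
    "script_name": "snippet script", "error_message": "",
    "results": [
        {"endpoint_id": "ep-1", "execution_status": "PENDING",
         "standard_output": None, "retrieved_files": 0, "failed_files": 0},
        {"endpoint_id": "ep-2", "execution_status": "<other status>",
         "standard_output": "done", "retrieved_files": 1, "failed_files": 2,
         "open_ports": [22, 443]},  # hypothetical script-specific key
    ]}})
SAMPLE_ERR = json.dumps({"reply": {
    "err_code": 403, "err_msg": "Forbidden access", "err_extra": "constructed"}})

if __name__ == "__main__":
    print(summarize_results(200, SAMPLE_OK))
```

The standard_output and script-specific values originate on the endpoint, so handle them as untrusted data when storing or displaying them.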
