Get Script Execution Results
Retrieve the results of a script execution action.
Synopsis
URI | /public_api/v1/scripts/get_script_execution_results/ |
HTTP Method | POST |
Required License | Cortex XDR Pro per Endpoint |
Description
Retrieve the results of a
script execution action.
Request Fields
The body of this request
contains a JSON object with the following fields:
Field | Description |
|---|---|
request_data | ( Required ) A dictionary containing the
API request fields. |
action_id | ( Required ) Integer, identifier
of the action, can be found in Cortex XDR console Response Action Center Action ID |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/scripts/get_script_execution_results/ \ -H "x-xdr-auth-id:{API_KEY_ID}" \ -H "Authorization:{API_KEY}" \ -H "Content-Type:application/json" \ -d '{ "request_data":{"action_id": "<action ID>"} }'
Code copied to clipboard
Unable to copy due to lack of browser support.
Success Response
Upon success,
the HTTP response code is 200.
Field | Description |
|---|---|
reply | JSON object containing the query result. |
script_name | String, name of the script executed. |
script_description | String, description of the script executed. |
script_parameters | Array, name and value of
each input parameter used in this execution. |
date_created | Timestamp in which the action was initiated. |
scope | String, number of endpoints including in
this action, with the filter used to select them. |
error_message | String, error message regarding permissions
for running APIs. |
results | Array, for each endpoint Cortex XDR displays
any returned value by the script. Then number of the results and
their name are dynamic per script:
|
Success Response Example
{ "reply":{ "script_name":"snippet script", "script_description":null, "script_parameters":[ ], "date_created":"2020-03-29 13:21:59", "scope":"win_10and 21 other endpoints", "error_message":"", "results":[ { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"LOST", "domain":"aaaa", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null }, { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"LOST", "domain":"<domain name>", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null }, { "endpoint_name":"<name>", "endpoint_ip_address":[ "<IP address>" ], "endpoint_status":"DISCONNECTED", "domain":"WORKGROUP", "endpoint_id":"<endpoint ID>", "execution_status":"PENDING", "standard_output":null, "retrieved_files":0, "failed_files":0, "retention_date":null } ] } }
Code copied to clipboard
Unable to copy due to lack of browser support.
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and
additional information describing the error. The HTTP response code
is one of the following:
Field | Description |
|---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication.
This can indicate an incorrect key, id, or other invalid authentication
parameters. |
402 | Unauthorized access. User does not have the
required license type to run this API. |
403 | Forbidden access. The provided API Key does
not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for
API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Code copied to clipboard
Unable to copy due to lack of browser support.
Recommended For You
Recommended Videos
Recommended videos not found.
