Get Scripts

Get a list of scripts available in the scripts library.

Synopsis

URI	/public_api/v1/scripts/get_scripts/
HTTP Method	POST
Required License	Cortex XDR Pro per Endpoint

Description

Get a list of scripts available in the scripts library.

Request Fields

The body of this request contains a JSON object with the following fields:

You can send a request to retrieve either all
or filtered
results.

Field	Description
request_data	(`Required`) A dictionary containing the API request fields. An empty dictionary returns all results.
filters	(`Required`) Provides an array of filtered fields. Each JSON object must contain the following keywords: field Identifies a list the filters match. Filters are based on the following keywords: name —String of the script name. description —String of the script description. created_by —String of the user name of who created the script. script_uid —GUID, global ID of the script, used to identify the script when executing. modification_date —Timestamp of when the script was last modified. windows_supported —Whether the script can be executed on Windows operating system. linux_supported —Whether the script can be executed on Linux operating system. macos_supported —Whether the script can be executed on Mac operating system. is_high_risk —Whether the script has a high-risk outcome. operator String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in Name , description , created_by , script_uid , windows_supported , linux_supported , macos_supported , is_high_risk —List of strings. gte / lte modification_date —Integer in timestamp epoch milliseconds. value Value that this filter must match. Valid keywords: linux_supported , windows_supported , macos_supported , is_high_risk —Boolean true or false . Name , description , created_by , script_uid —List of strings. modification_date —Integer in timestamp epoch milliseconds.

Field

Description

request_data

(Required) A dictionary containing the API request fields.

An empty dictionary returns all results.

filters

(Required) Provides an array of filtered fields. Each JSON object must contain the following keywords:

field

Identifies a list the filters match. Filters are based on the following keywords:

name

—String of the script name.

description

—String of the script description.

created_by

—String of the user name of who created the script.

script_uid

—GUID, global ID of the script, used to identify the script when executing.

modification_date

—Timestamp of when the script was last modified.

windows_supported

—Whether the script can be executed on Windows operating system.

linux_supported

—Whether the script can be executed on Linux operating system.

macos_supported

—Whether the script can be executed on Mac operating system.

is_high_risk

—Whether the script has a high-risk outcome.

operator

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:

Name

description

created_by

script_uid

windows_supported

linux_supported

macos_supported

is_high_risk

—List of strings.

gte

lte

modification_date

—Integer in timestamp epoch milliseconds.

value

Value that this filter must match. Valid keywords:

linux_supported

windows_supported

macos_supported

is_high_risk

—Boolean

true

false

Name

description

created_by

script_uid

—List of strings.

modification_date

—Integer in timestamp epoch milliseconds.

Request Example

Request all results:

curl -X POST https://api-{fqdn}/public_api/v1/scripts/get_scripts/ \
-H "x-xdr-auth-id:{API_KEY_ID}" \
-H "Authorization:{API_KEY}" \
-H "Content-Type:application/json" \
-d '{ 
   "request_data":{}
   }'

Request filtered results:


curl -X POST https://api-{fqdn}/public_api/v1/scripts/get_scripts/ \    
-H "x-xdr-auth-id:{API_KEY_ID}" \    
-H "Authorization:{API_KEY}" \    
-H "Content-Type:application/json" \    
-d '{ 
   "request_data":{
   "filters":[
      {
         "field":"is_high_risk",
         "operator":"in",
         "value":[
            "false"
         ]
      }
   ]
}'

Success Response

Upon success, the HTTP response code is 200.

Field	Description
reply	JSON object containing the query result.
total_count	Number of total results of this filter without paging.
result_count	Number of scripts returned as result (integer).
scripts	An array of scripts containing the following information: script_id —Integer, Script ID. name —String , name of script. description —String , description of script. modification_date —Timestamp of when the script was last modified. created_by —String , name of the user who created the script. windows_supported — Boolean , whether the script can be executed on Windows OS. linux_supported —Boolean, whether the script can be executed on Linux OS. macos_supported —Boolean , whether the script can be executed on macOS. is_high_risk —Boolean , whether the script has a high-risk outcome. script_uid —GUID, global ID of the script, used to identify the script when executing.

Success Response Example

{
   "reply":{
      "total_count": 129,
      "result_count":24,
      "scripts":[
         {
            "script_id":<script ID>,
            "name":"list_directories",
            "description":"List all directories under path",
            "modification_date":1585074627259,
            "created_by":"Palo Alto Networks",
            "is_high_risk":false,
            "windows_supported":true,
            "linux_supported":true,
            "macos_supported":true,
            "script_uid":"<unique ID>"
         },
         {
            "script_id":<script ID>,
            "name":"test 1",
            "description":"test",
            "modification_date":1583052236449,
            "created_by":"User 1",
            "is_high_risk":false,
            "windows_supported":true,
            "linux_supported":false,
            "macos_supported":false,
            "script_uid":"<unique ID>"
         },
         {
            "script_id":<script ID>,
            "name":"test 2",
            "description":"test 2",
            "modification_date":1582709343498,
            "created_by":"User 2",
            "is_high_risk":false,
            "windows_supported":true,
            "linux_supported":true,
            "macos_supported":true,
            "script_uid":"<unique ID>"
         }
      ]
   }
}

Error Response

Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:

Field	Description
400	Bad Request. Got an invalid JSON.
401	Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
402	Unauthorized access. User does not have the required license type to run this API.
403	Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
500	Internal server error. A unified status for API communication type errors.

Error Response Format

{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}

Document:Cortex XDR™ API Reference

Get Scripts

Get Scripts

Synopsis

Description

Request Fields

Success Response

Error Response

Recommended For You

Document:Cortex XDR™ API Reference

Get Scripts

Get Scripts

Synopsis

Description

Request Fields

Success Response

Error Response

Recommended For You

Recommended Videos