Run Script
Initiate a new endpoint script execution action using
a script from the script library.
Synopsis
URI | /public_api/v1/scripts/run_script/ |
HTTP Method | POST |
Required License | Cortex XDR Pro per Endpoint |
Description
Initiate a new endpoint script
execution action using a script from the script library.
Request Fields
The body of this request
contains a JSON object with the following fields:
Field | Description |
|---|---|
request_data | ( Required ) A dictionary containing the
API request fields. |
script_uid | ( Required ) GUID, unique identifier of
the script, returned by the Get Scripts API per script. |
parameters_values | ( Required ) Dictionary, contains
the parameter name, key and its value for
this execution, value . You can
locate these values by running Get Script Metadata. |
timeout | Integer, represents the timeout in seconds
for this execution. Default value is 600. |
filters | ( Required ) Provides an array of filtered
fields for running the script on a number of endpoints at once. Each
JSON object must contain the following keywords:
|
incident_id | String representing the incident ID. When
included in the request, the Run Script action will appear in the
Cortex XDR Incident View Timeline tab. |
Request Example
curl -X POST https://api-{fqdn}/public_api/v1/scripts/run_script/ \ -H "x-xdr-auth-id:{API_KEY_ID}" \ -H "Authorization:{API_KEY}" \ -H "Content-Type:application/json" \ -d '{ "request_data":{ "filters":[ { "field":"endpoint_id_list", "operator":"in", "value":[ "<endpoint ID>" ] } ], "script_uid":"<unique ID>", "parameters_values":{ "x":"param input as returned in Get Script Metadata", "y":4 } } }'
Code copied to clipboard
Unable to copy due to lack of browser support.
Success Response
Upon success,
the HTTP response code is 200.
Field | Description |
|---|---|
reply | JSON object containing the query result. |
action_id | Integer, ID of the action initiated. ID
will be used as a reference to track in the action center. |
endpoints_count | Integer, number of endpoints the action
was initiated on. |
status |
Success Response Example
{ "reply":{ "action_id":22519813685366, "status":1, "endpoints_count":1 } }
Code copied to clipboard
Unable to copy due to lack of browser support.
Error Response
Upon error,
the reply includes an HTTP response code, an error message, and
additional information describing the error. The HTTP response code
is one of the following:
Field | Description |
|---|---|
400 | Bad Request. Got an invalid JSON. |
401 | Unauthorized access. An issue occurred during authentication.
This can indicate an incorrect key, id, or other invalid authentication
parameters. |
402 | Unauthorized access. User does not have the
required license type to run this API. |
403 | Forbidden access. The provided API Key does
not have the required RBAC permissions to run this API. |
500 | Internal server error. A unified status for
API communication type errors. |
Error Response Format
{"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}
Code copied to clipboard
Unable to copy due to lack of browser support.
Recommended For You
Recommended Videos
Recommended videos not found.
