1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ API Reference
    5. Cortex XDR APIs
    6. Script Execution APIs
    7. Run Script

    Run Script

    Initiate a new endpoint script execution action using a script from the script library.

    Synopsis

    URI
    /public_api/v1/scripts/run_script/
    HTTP Method
    POST
    Required License
    Cortex XDR Pro per Endpoint

    Description

    Initiate a new endpoint script execution action using a script from the script library.

    Request Fields

    The body of this request contains a JSON object with the following fields:
    Field
    Description
    request_data
    (
    Required
    ) A dictionary containing the API request fields.
    script_uid
    (
    Required
    ) GUID, unique identifier of the script, returned by the “get scripts” API per script.
    parameters_values
    (
    Required
    ) Dictionary, contains the parameter name,
    key
     and its value for this execution,
    value
    .
    timeout
    Integer, represents the timeout in seconds for this execution. Default value is 600.
    filters
    (
    Required
    ) Provides an array of filtered fields for running the script on a number of endpoints at once.
    Each JSON object must contain the following keywords:
    • field
      String that identifies a list the filters match. Filters are based on the following keywords:
      • endpoint_id_list
        —List of endpoint IDs.
    • operator
      String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
      in
      • endpoint_id_list
        —List of strings
    • value
      Value that this filter must match. Valid keywords:
      • endpoint_id_list
        —List of strings
    Request Example
    
curl -X POST https://api-{fqdn}/public_api/v1/scripts/run_script/ \    
-H "x-xdr-auth-id:{API_KEY_ID}" \    
-H "Authorization:{API_KEY}" \    
-H "Content-Type:application/json" \    
-d '{ 
   "request_data":{
   "filters":[
      {
         "field":"endpoint_id_list",
         "operator":"in",
         "value":[
            "<endpoint ID>"
         ]
      }
   ],
   "script_uid":"<unique ID>",
   "parameters_values":{
      "x":"param input as string",
      "y":4
   }
}


}'

    Success Response

    Upon success, the HTTP response code is 200.
    Field
    Description
    reply
    JSON object containing the query result.
    action_id
    Integer, ID of the action initiated. ID will be used as a reference to track in the action center.
    endpoints_count
    Integer, number of endpoints the action was initiated on.
    status
    Success Response Example
    {
   "reply":{
      "action_id":22519813685366,
      "status":1,
      "endpoints_count":1
   }
}

    Error Response

    Upon error, the reply includes an HTTP response code, an error message, and additional information describing the error. The HTTP response code is one of the following:
    Field
    Description
    400
    Bad Request. Got an invalid JSON.
    401
    Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
    402
    Unauthorized access. User does not have the required license type to run this API.
    403
    Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
    500
    Internal server error. A unified status for API communication type errors.
    Error Response Format
    {"reply": {"err_code": STATUS_CODE, "err_msg": GENERAL_MESSAGE, "err_extra": EXTRA_DATA}}

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo