post
/public_api/v1/tags/agents/assign
Assign one or more tags to one or more endpoints.
Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/tags/agents/assign" \
-d '{
"request_data" : {
"filters" : [ {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
}, {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
} ],
"tag" : "tag"
}
}'
Request
Body
optional
Example:
{"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"tag":""}}
request_data
optional
filters
optional
Array
An array of filter fields.
field
required
String
(Enum)
String that identifies the field the filter is matching. Filters are based on the following keywords:
endpoint_id_list
: List of endpoint IDs.last_seen
: When an endpoint was last seen.first_seen
: When an endpoint was first seen.dist_name
: Distribution / Installation Package name.ip_list
: List of IP addresses.platform
: Platform name.alias
: Alias name.hostname
: Hostname.isolate
: If the endpoint was isolated.username
: Name of user.scan_status
: Status of the scan.group_name
: Group name the agent belongs to.endpoint_status
: Status of the endpoint ID.operational_status
: Operational status.public_ip_list
: List of public IP addresses.
Allowed values:
endpoint_id_list
endpoint_status
dist_name
ip_list
group_name
platform
alias
isolate
hostname
operator
required
String
(Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
endpoint_id_list
,dist_name
,group_name
,alias
,hostname
,username
,operational_status
: List of strings.endpoint_status
: Permitted values areconnected
,lost
,disconnected
,uninstalled
.ip_list
,public_ip_list
: List of strings, for example "192.168.5.12".platform
: Permitted values arewindows
,linux
,macos
,android
,ios
.isolate
: Permitted values areisolated
orunisolated
.scan_status
: Permitted values arenone
,pending
,in_progress
,canceled
,aborted
,pending_cancellation
,success
, orerror
.operational_status
: Permitted values areprotected
,partially_protected
,unprotected
.gte
/lte
first_seen
andlast_seen
: Integer in timestamp epoch milliseconds.
Allowed values:
in
gte
lte
value
required
Array
of strings
Value that this filter must match. The contents of this field will differ depending on the endpoint field that you specified for this filter:
endpoint_id_list
,dist_name
,group_name
,alias
,hostname
,username
,operational_status
: List of strings.endpoint_status
: Must contain only the following valid values:connected
,disconnected
,lost
, oruninstalled
.operational_status
: Must contain only the following valid values:protected
,partially_protected
,unprotected
.ip_list
,public_ip_list
: String list of IP addresses.platform
: Must contain only the following valid values:windows
,linux
,macos
,android
, orios
.isolate
: Must contain only the following valid values:isolated
orunisolated
.scan_status
: Must contain only the following valid values:none
,pending
,in_progress
,canceled
,aborted
,pending_cancellation
,success
, orerror
.first_seen
andlast_seen
: Integer in timestamp epoch milliseconds.
tag
optional
String
The tag you want to assign.
Responses