Cancel Scan Endpoints

Cortex XDR REST API

post /public_api/v1/endpoints/abort_scan

Cancel the scan of selected endpoints. A scan can only be aborted if the selected endpoints are in Pending or in Progress status.

When filtering by multiple fields: - Response is concatenated using AND condition (OR is not supported). - Offset is the zero-based number of endpoints from the start of the result set.

Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB

Body parameters
request_dataObjectrequired

A dictionary containing the API request fields.

filtersArray string

An array of filter fields to filter which endpoints to cancel scanning. To cancel scan of all endpoints, use the value "all".

incident_idString

Incident ID. When included in the request, the Cancel Scan Endpoints action will appear in the Cortex XDR Incident View Timeline tab.

REQUEST BODY
{ "request_data": { "filters": "all" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/endpoints/abort_scan'
-d ''
Responses

Successful response

Body
replyObject

JSON object containing the query result.

action_idString

ID of action to cancel scan selected endpoints. Response only indicates the request was successfully sent to the endpoint. To track if the scan succeeded either: - In Cortex XDR console, navigate to Response > Action Center and search for the action ID. Make sure the Action ID field is selected in the table Layout settings. - Send a Get Action Status API request.

endpoints_countString

Number of endpoints included in the request.

RESPONSE
{ "example-1": { "reply": { "action_id": "<action ID value>", "status": "1", "endpoints_count": "673" } } }

Bad Request. Got an invalid JSON.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. User does not have the required license type to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Internal server error. A unified status for API communication type errors.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:{"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }