post
/public_api/v1/endpoints/abort_scan
Cancel the scan of selected endpoints. A scan can only be aborted if the selected endpoints are in Pending or in Progress status.
When filtering by multiple fields: - Response is concatenated using AND condition (OR is not supported). - Offset is the zero-based number of endpoints from the start of the result set.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
Body parameters
request_dataObjectrequired
A dictionary containing the API request fields.
filtersArray string
An array of filter fields to filter which endpoints to cancel scanning. To cancel scan of all endpoints, use the value "all".
incident_idString
Incident ID. When included in the request, the Cancel Scan Endpoints action will appear in the Cortex XDR Incident View Timeline tab.
REQUEST BODY
{
"request_data": {
"filters": "all"
}
}
CURL
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/endpoints/abort_scan'
-d
''
Responses