Get Script Execution Results

Cortex XDR REST API

post /public_api/v1/scripts/get_script_execution_results

Retrieve the results of a script execution action.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ "https://api-yourfqdn/public_api/v1/scripts/get_script_execution_results" \ -d '{ "request_data" : { "action_id" : "action_id" } }'
Response
{ "reply": { "script_name": "snippet script", "script_description": "", "script_parameters": [], "date_created": "2020-03-29 13:21:59", "scope": "win_10and 21 other endpoints", "error_message": "", "results": [ { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "LOST", "domain": "aaaa", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null }, { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "LOST", "domain": "<domain name>", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null }, { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "DISCONNECTED", "domain": "WORKGROUP", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null } ] } }
Request
Body
optional
Example: {"request_data":{"action_id":""}}
request_data
required
A dictionary containing the API request fields.
action_id
required
String
Action ID. This can be found in the Cortex XDR console Response > Action Center > Action ID field.
Responses

Successful response

Body
reply
optional
JSON object containing the query result.
script_name
optional
String
Name of the script executed.
script_description
optional
String
Description of the script executed.
script_parameters
optional
Array of objects
For each input parameter used in this execution, an array of name and value.
date_created
optional
String
Timestamp in which the action was initiated.
scope
optional
String
Number of endpoints included in this action according to the filter used to select them.
error_message
optional
String
Error message regarding permissions for running APIs.
results
optional
Array
For each endpoint Cortex XDR displays any returned value by the script. The number of the results and their name are dynamic per script.
endpoint_name
optional
String
Endpoint name.
endpoint_ip_address
optional
Array of strings
Endpoint IP address.
endpoint_status
optional
String
Endpoint status.
domain
optional
String
Domain to which the endpoint belongs.
endpoint_id
optional
String
Endpoint ID.
execution_status
optional
String
Execution status of this endpoint.
standard_output
optional
Object
The STDOUT + STDERR logged by the script during this execution.
retrieved_files
optional
Integer
Number of successfully retrieved files.
failed_files
optional
Integer
Number of files failed to retrieve.
retention_date
optional
Object
Timestamp of when the retrieved files will be deleted from the server.

Bad Request. Got an invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.