Get Script Execution Results

Cortex XDR REST API

post /public_api/v1/scripts/get_script_execution_results

Retrieve the results of a script execution action.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

Body parameters
request_dataObjectrequired

A dictionary containing the API request fields.

action_idString

Action ID. This can be found in the Cortex XDR console Response > Action Center > Action ID field.

REQUEST BODY
{ "request_data": { "action_id": "<action_id>" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/scripts/get_script_execution_results'
-d ''
Responses

Successful response

Body
replyObject

JSON object containing the query result.

script_nameString

Name of the script executed.

script_descriptionString

Description of the script executed.

script_parametersArray

For each input parameter used in this execution, an array of name and value.

date_createdString

Timestamp in which the action was initiated.

scopeString

Number of endpoints included in this action according to the filter used to select them.

error_messageString

Error message regarding permissions for running APIs.

resultsArray

For each endpoint Cortex XDR displays any returned value by the script. The number of the results and their name are dynamic per script.

endpoint_nameString

Endpoint name.

endpoint_ip_addressArray[string]

Endpoint IP address.

endpoint_statusString

Endpoint status.

domainString

Domain to which the endpoint belongs.

endpoint_idString

Endpoint ID.

execution_statusString

Execution status of this endpoint.

standard_outputObject

The STDOUT + STDERR logged by the script during this execution.

retrieved_filesInteger

Number of successfully retrieved files.

failed_filesInteger

Number of files failed to retrieve.

retention_dateObject

Timestamp of when the retrieved files will be deleted from the server.

RESPONSE
{ "reply": { "script_name": "snippet script", "script_description": "", "script_parameters": [], "date_created": "2020-03-29 13:21:59", "scope": "win_10and 21 other endpoints", "error_message": "", "results": [ { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "LOST", "domain": "aaaa", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null }, { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "LOST", "domain": "<domain name>", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null }, { "endpoint_name": "<name>", "endpoint_ip_address": [ "<IP address>" ], "endpoint_status": "DISCONNECTED", "domain": "WORKGROUP", "endpoint_id": "<endpoint ID>", "execution_status": "PENDING", "standard_output": null, "retrieved_files": 0, "failed_files": 0, "retention_date": null } ] } }

Bad Request. Got an invalid JSON.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. User does not have the required license type to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Internal server error. A unified status for API communication type errors.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }