Get Scripts

Cortex XDR REST API
post /public_api/v1/scripts/get_scripts

Get a list of scripts available in the scripts library.

Required licence: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ "https://api-yourfqdn/public_api/v1/scripts/get_scripts" \ -d '{ "request_data" : { "filters" : [ { "field" : "name", "value" : [ "value", "value" ], "operator" : "in" }, { "field" : "name", "value" : [ "value", "value" ], "operator" : "in" } ] } }'
Response
{ "reply": { "total_count": 129, "result_count": 24, "scripts": [ { "script_id": "<script ID>", "name": "list_directories", "description": "List all directories under path", "modification_date": 1585074627259, "created_by": "Palo Alto Networks", "is_high_risk": false, "windows_supported": true, "linux_supported": true, "macos_supported": true, "script_uid": "<unique ID>" }, { "script_id": "<script ID>", "name": "test 1", "description": "test", "modification_date": 1583052236449, "created_by": "User 1", "is_high_risk": false, "windows_supported": true, "linux_supported": false, "macos_supported": false, "script_uid": "<unique ID>" }, { "script_id": "<script ID>", "name": "test 2", "description": "test 2", "modification_date": 1582709343498, "created_by": "User 2", "is_high_risk": false, "windows_supported": true, "linux_supported": true, "macos_supported": true, "script_uid": "<unique ID>" } ] } }
Request
Body
optional
You can send a request to retrieve either all or filtered results.
Example: {"request_data":{}}
request_data
required
A dictionary containing the API request fields. An empty dictionary returns all results.
filters
required
Array
An array of filter fields.
field
required
String (Enum)

Identifies a list the filters match. Filters are based on the following keywords:

  • name: String of the script name.
  • description: String of the script description.
  • created_by: String of the user name of who created the script.
  • script_uid: GUID, global ID of the script, used to identify the script when executing.
  • modification_date: Timestamp of when the script was last modified.
  • windows_supported: Whether the script can be executed on Windows operating system.
  • linux_supported: Whether the script can be executed on Linux operating system.
  • macos_supported: Whether the script can be executed on Mac operating system.
  • is_high_risk: Whether the script has a high-risk outcome.
Allowed values:
name
description
created_by
script_uid
modification_date
windows_supported
linux_supported
macos_supported
is_high_risk
operator
required
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

  • name, description, created_by, script_uid, windows_supported, linux_supported, macos_supported, is_high_risk: List of strings. gte / lte
  • modification_date: Integer in timestamp epoch milliseconds.
Allowed values:
in
gte
lte
value
required
Array of strings
Value that this filter must match.
Responses

Successful response

Body
reply
optional
JSON object containing the query result.
total_count
optional
Integer
Number of total results of this filter without paging.
result_count
optional
Integer
Number of scripts returned as result.
scripts
optional
Array
An array of scripts.
script_id
optional
String
Script ID.
name
optional
String
Name of script.
description
optional
String
Descrption of script.
modification_date
optional
Integer
Timestamp of when the script was last modified.
created_by
optional
String
Name of the user who created the script.
is_high_risk
optional
Boolean
Whether the script has a high-risk outcome.
windows_supported
optional
Boolean
Whether the script can be executed on Windows OS.
linux_supported
optional
Boolean
Whether the script can be executed on Linux OS.
macos_supported
optional
Boolean
Whether the script can be executed on macOS.
script_uid
optional
String
GUID, global ID of the script, used to identify the script when executing.

Bad Request. Got an invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.