post
/public_api/v1/triage_endpoint
Initiate forensics triage for the specified agents. - Maximum of 10 concurrent triage actions at a time. - Specified agents must have Forensics License enabled. - Specified agents must be the same OS, Windows or macOS, but not a mixture of both. - Specified configuration must must support Triage Type = Online.
Required license: Forensics add-on
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/triage_endpoint" \
-d '{
"request_data" : {
"collector_uuid" : "collector_uuid",
"agent_ids" : [ "agent_ids", "agent_ids" ]
}
}'
Request
Body
optional
Example:
{"request_data":{"agent_ids":["a1f7c60ca7954876a0146a0b5b9d6ea2"],"collector_uuid":"5162122974c247eeb152089d516035ab"}}
request_data
required
agent_ids
required
Array
of strings
List of agents to run forensics triage on.
collector_uuid
optional
String
UUID of the triage configuration. If none is specified, the default configuration is used for this action.
Responses