Initiate Forensics Triage

Cortex XDR REST API

post /public_api/v1/triage_endpoint

Initiate forensics triage for the specified agents.
- Maximum of 10 concurrent triage actions at a time.
- Specified agents must have the Forensics License enabled.
- Specified agents must all be the same OS, Windows or macOS, but not a mixture of both.
- Specified configuration must support Triage Type = Online.

Required license: Forensics add-on

CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/triage_endpoint" \
  -d '{ "request_data" : { "collector_uuid" : "collector_uuid", "agent_ids" : [ "agent_ids", "agent_ids" ] } }'
Request
Body (optional)
Example: {"request_data":{"agent_ids":["a1f7c60ca7954876a0146a0b5b9d6ea2"],"collector_uuid":"5162122974c247eeb152089d516035ab"}}
  request_data (required)
    agent_ids (required, Array of strings): List of agents to run forensics triage on.
    collector_uuid (optional, String): UUID of the triage configuration. If none is specified, the default configuration is used for this action.
Responses

OK

Body
  reply (optional)
    group_action_id (optional, Integer): Unique ID for the triage action.
    successful_agent_ids (optional, Array of strings): List of agent IDs that successfully received the triage action.
    unsuccessful_agent_ids (optional, Array of objects): List of agent IDs that did not successfully receive the triage action.

Bad Request. Got an invalid JSON.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body: The query result upon error.
  err_code (optional, String): HTTP response code.
  err_msg (optional, String): Error message.
    Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
  err_extra (optional, String): Additional information describing the error.
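As an added example (not Palo Alto Networks' own code), a minimal Python client for this endpoint that validates the request locally before sending, submits it, and classifies the documented success and error replies. It assumes the standard API key headers x-xdr-auth-id and Authorization, which this page does not show, and that agent IDs and collector UUIDs are 32-character hex strings like the ones in the page's example.

```python
import json
import re
import urllib.error
import urllib.request

# Placeholder host copied from the page's curl example; replace with the tenant FQDN.
BASE_URL = "https://api-yourfqdn"
# Assumption: ids look like the 32-hex-character values in the page's example.
_HEX_ID = re.compile(r"^[0-9a-f]{32}$")


def build_triage_request(agent_ids, collector_uuid=None):
    """Return (url, body) for the triage request, rejecting malformed ids locally."""
    if not agent_ids:
        raise ValueError("agent_ids must name at least one agent")
    bad = [a for a in agent_ids if not _HEX_ID.match(a)]
    if bad:
        raise ValueError(f"malformed agent ids: {bad}")
    request_data = {"agent_ids": list(agent_ids)}
    if collector_uuid is not None:          # omitted -> default configuration is used
        if not _HEX_ID.match(collector_uuid):
            raise ValueError("malformed collector_uuid")
        request_data["collector_uuid"] = collector_uuid
    return BASE_URL + "/public_api/v1/triage_endpoint", {"request_data": request_data}


def parse_triage_reply(http_status, body):
    """Classify a reply into the fields documented on this page."""
    if http_status == 200 and "reply" in body:
        r = body["reply"]
        return {"ok": True, "group_action_id": r.get("group_action_id"),
                "successful": list(r.get("successful_agent_ids", [])),
                "unsuccessful": list(r.get("unsuccessful_agent_ids", [])), "error": None}
    # All documented error statuses share the err_code / err_msg / err_extra body.
    text = f"{body.get('err_code')}: {body.get('err_msg')}"
    if body.get("err_extra"):
        text += f" ({body['err_extra']})"
    return {"ok": False, "group_action_id": None, "successful": [], "unsuccessful": [], "error": text}


def submit_triage(agent_ids, api_key_id, api_key, collector_uuid=None):
    """Send the request. Assumed standard-key headers (not on this page): x-xdr-auth-id = key id, Authorization = key."""
    url, body = build_triage_request(agent_ids, collector_uuid)
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST", headers={
        "Accept": "application/json", "Content-Type": "application/json",
        "x-xdr-auth-id": str(api_key_id), "Authorization": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_triage_reply(resp.status, json.load(resp))
    except urllib.error.HTTPError as err:      # documented error statuses still carry a JSON body
        return parse_triage_reply(err.code, json.load(err))
```

Record the returned group_action_id with the case notes; it is the handle for tracking the triage action afterwards.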