Replace Featured Active Directory Groups

Cortex XDR REST API
post /public_api/v1/featured_fields/replace_ad_groups

Replace the featured active directory groups and organizational units listed in your environment.

Note: Running this API will delete all existing active directory groups.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

Request headers
Authorization String required

{api_key}
Example: authorization_example
x-xdr-auth-id String required

{api_key_id}
Example: xXdrAuthId_example
Accept-Encoding String

For retrieving a compressed gzipped response
Example: acceptEncoding_example
Default: gzip
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: authorization_example' -H 'x-xdr-auth-id: xXdrAuthId_example' -H 'Accept-Encoding: acceptEncoding_example'
'https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}" headers = { 'Authorization': "SOME_STRING_VALUE", 'x-xdr-auth-id': "SOME_STRING_VALUE", 'Accept-Encoding': "SOME_STRING_VALUE", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/featured_fields/replace_ad_groups", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'SOME_STRING_VALUE' request["x-xdr-auth-id"] = 'SOME_STRING_VALUE' request["Accept-Encoding"] = 'SOME_STRING_VALUE' request["content-type"] = 'application/json' request.body = "{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}" response = http.request(request) puts response.read_body
const data = JSON.stringify({ "request_data": { "fields": [ { "value": "string", "type": "group", "comment": "string" } ] } }); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups"); xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE"); xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE"); xhr.setRequestHeader("Accept-Encoding", "SOME_STRING_VALUE"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups") .header("Authorization", "SOME_STRING_VALUE") .header("x-xdr-auth-id", "SOME_STRING_VALUE") .header("Accept-Encoding", "SOME_STRING_VALUE") .header("content-type", "application/json") .body("{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}") .asString();
import Foundation let headers = [ "Authorization": "SOME_STRING_VALUE", "x-xdr-auth-id": "SOME_STRING_VALUE", "Accept-Encoding": "SOME_STRING_VALUE", "content-type": "application/json" ] let parameters = ["request_data": ["fields": [ [ "value": "string", "type": "group", "comment": "string" ] ]]] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}", CURLOPT_HTTPHEADER => [ "Accept-Encoding: SOME_STRING_VALUE", "Authorization: SOME_STRING_VALUE", "content-type: application/json", "x-xdr-auth-id: SOME_STRING_VALUE" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE"); headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE"); headers = curl_slist_append(headers, "Accept-Encoding: SOME_STRING_VALUE"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/featured_fields/replace_ad_groups"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "SOME_STRING_VALUE"); request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE"); request.AddHeader("Accept-Encoding", "SOME_STRING_VALUE"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{\"request_data\":{\"fields\":[{\"value\":\"string\",\"type\":\"group\",\"comment\":\"string\"}]}}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
application/json
request_dataobjectrequired
fieldsarray

An array of active directory groups and organizational units and comments.

[
valuestringrequired

String value that defines the active directory or organizational unit name. Maximum length is 256 characters. An active directory name must be formated as: DOMAIN/GROUPNAME

typestring (Enum)

Define whether you want to replace an active directory group or organizational unit. Valid values are either group or OU. If no value is defined, group is sent by default.

Default:"group"
Allowed values:"group""OU"
commentstring

String that represents additional information regarding the featured active directory group.

]
REQUEST
{ "request_data": { "fields": [ { "value": "domain/administrators-group", "type": "group", "comment": "Administrators-group is a featured AD group" }, { "value": "dev", "type": "OU" } ] } }
Responses

Successful response

Body
application/json

true=Active directory group successfully replaced.

boolean

true=Active directory group successfully replaced.

RESPONSE
false

Bad Request. Got an invalid JSON.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }

Unauthorized access. User does not have the required license type to run this API.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }

Internal server error. A unified status for API communication type errors.

Body
application/json

The query result upon error.

err_codestring

HTTP response code.

err_msgstring

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extrastring

Additional information describing the error.

RESPONSE
{ "err_code": "example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "example" }