Run Script

Cortex XDR REST API

post /public_api/v1/scripts/run_script

Initiate a new endpoint script execution action using a script from the script library. The script can be run on up to 100 endpoints.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/scripts/run_script" \
  -d '{ "request_data" : { "parameters_values" : { "x" : "x", "y" : 0 }, "incident_id" : "incident_id", "filters" : [ { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" }, { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" } ], "script_uid" : "script_uid", "timeout" : 6 } }'
Response
{ "reply": { "action_id": 22519813685366, "status": 1, "endpoints_count": 1 } }
Request
Body
optional
Example: {"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"script_uid":"","parameters_values":{"x":"param input as returned in Get Script Metadata","y":4}}}
request_data
required
A dictionary containing the API request fields.
filters
required
Array
Array of filter fields for running the script on a number of endpoints at once.
field
required
String (Enum)

String that identifies the list the filter matches against. Filters are based on the following keywords:

  • endpoint_id_list: List of endpoint IDs.
Allowed values:
endpoint_id_list
operator
required
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

  • endpoint_id_list: List of strings
Allowed values:
in
value
required
Array of strings
Value that this filter must match.
script_uid
required
String
GUID, unique identifier of the script, returned by the Get Scripts API per script.
parameters_values
optional

Dictionary containing, for each parameter, its name (the key) and its value for this execution.

You can obtain these values by running Get Script Metadata API.

x
required
String
y
required
Integer
timeout
optional
Integer
Timeout in seconds for this execution. Default value is 600.
incident_id
optional
String
Incident ID. When included in the request, the Run Script action will appear in the Cortex XDR Incident View Timeline tab.
Responses

Successful response

Body
reply
optional
JSON object containing the query result.
action_id
optional
Integer
ID of the action initiated. Use this ID as a reference to track the action in the action center.
endpoints_count
optional
Integer
Number of endpoints the action was initiated on.
status
optional
Integer

Integer representing whether the action:

  • 1: succeeded
  • 0: failed

Bad Request. Got an invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.
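
Added example, not part of the Cortex XDR documentation: a Python helper that builds the request body described above, rejects a target list over the 100-endpoint limit before anything is sent, and interprets the reply's status field. The function names and the auth_headers parameter are assumptions; authentication headers are not shown on this page and must be supplied by the caller.

```python
import json
import urllib.request

MAX_ENDPOINTS = 100  # limit stated on this page

def build_run_script_body(script_uid, endpoint_ids, parameters_values=None,
                          timeout=None, incident_id=None):
    """Return the request body dict for /public_api/v1/scripts/run_script."""
    if not isinstance(script_uid, str) or not script_uid:
        raise ValueError("script_uid is required")
    # De-duplicate while preserving order, then enforce the documented cap.
    ids = list(dict.fromkeys(endpoint_ids))
    if not ids or not all(isinstance(i, str) and i for i in ids):
        raise ValueError("endpoint_ids must be a non-empty list of strings")
    if len(ids) > MAX_ENDPOINTS:
        raise ValueError(f"{len(ids)} endpoints exceeds the limit of {MAX_ENDPOINTS}")
    data = {
        "script_uid": script_uid,
        "filters": [{"field": "endpoint_id_list", "operator": "in", "value": ids}],
    }
    if parameters_values:
        data["parameters_values"] = dict(parameters_values)
    if timeout is not None:
        # Assumption: a timeout must be a positive whole number of seconds.
        if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0:
            raise ValueError("timeout must be a positive integer (seconds)")
        data["timeout"] = timeout  # omitted -> server default of 600
    if incident_id is not None:
        data["incident_id"] = str(incident_id)  # documented as a String
    return {"request_data": data}

def build_request(fqdn, body, auth_headers):
    """Wrap the body in a POST request; auth_headers come from the caller."""
    headers = {"Accept": "application/json", "Content-Type": "application/json"}
    headers.update(auth_headers)
    url = f"https://api-{fqdn}/public_api/v1/scripts/run_script"
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="POST")

def parse_reply(raw):
    """Return (action_id, endpoints_count); raise if the call or action failed."""
    doc = json.loads(raw)
    if "reply" not in doc:
        # Error bodies carry err_code / err_msg / err_extra instead of reply.
        raise RuntimeError(f"API error {doc.get('err_code')}: {doc.get('err_msg')}")
    reply = doc["reply"]
    if reply.get("status") != 1:  # 1: succeeded, 0: failed
        raise RuntimeError(f"run_script failed for action {reply.get('action_id')}")
    return reply["action_id"], reply["endpoints_count"]
```

Pass the object returned by build_request to urllib.request.urlopen, then hand the response bytes to parse_reply; keep the returned action_id to follow the action in the action center.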