post
/public_api/v1/scripts/run_script
Initiate a new endpoint script execution action using a script from the script library. The script can be run on up to 100 endpoints.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/scripts/run_script" \
-d '{
"request_data" : {
"parameters_values" : {
"x" : "x",
"y" : 0
},
"incident_id" : "incident_id",
"filters" : [ {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
}, {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
} ],
"script_uid" : "script_uid",
"timeout" : 6
}
}'
Response
{
"reply": {
"action_id": 22519813685366,
"status": 1,
"endpoints_count": 1
}
}
Request
Body
optional
Example:
{"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"script_uid":"","parameters_values":{"x":"param input as returned in Get Script Metadata","y":4}}}
request_data
required
A dictionary containing the API request fields.
filters
required
Array
Array of filter fields for running the script on a number of endpoints at once.
field
required
String
(Enum)
String that identifies a list the filters match. Filters are based on the following keywords:
endpoint_id_list
: List of endpoint IDs.
Allowed values:
endpoint_id_list
operator
required
String
(Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
endpoint_id_list
: List of strings
Allowed values:
in
value
required
Array
of strings
Value that this filter must match.
script_uid
required
String
GUID, unique identifier of the script, returned by the Get Scripts API per script.
parameters_values
optional
Dictionary containing the parameter name, key
, and its value for this execution, value
.
You can obtain these values by running Get Script Metadata API.
x
required
String
y
required
Integer
timeout
optional
Integer
Timeout in seconds for this execution. Default value is 600.
incident_id
optional
String
Incident ID.
When included in the request, the Run Script action will appear in the Cortex XDR Incident View Timeline tab.
Responses