Initiate a new endpoint script execution action using a script from the script library. The script can be run on up to 1000 endpoints.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
request_data (Object, required)
A dictionary containing the API request fields.
  filters (Array)
  Array of filter fields for running the script on a number of endpoints at once.
    field (String, Enum)
    String that identifies a list the filters match. Filters are based on the following keywords:
    - endpoint_id_list: List of endpoint IDs.
    operator (String, Enum)
    String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
    in
    - endpoint_id_list: List of strings
    value (Array[string])
    Value that this filter must match.
  script_uid (String)
  GUID, unique identifier of the script, returned by the Get Scripts API per script.
  parameters_values (Object, required)
  Dictionary containing the parameter name, key, and its value for this execution, value.
  You can obtain these values by running Get Script Metadata API.
    x (String)
    y (Integer)
  timeout (Integer)
  Timeout in seconds for this execution. Default value is 600.
  incident_id (String)
  Incident ID. When included in the request, the Run Script action will appear in the Cortex XDR Incident View Timeline tab.
{
  "request_data": {
    "filters": [
      {
        "field": "endpoint_id_list",
        "operator": "in",
        "value": [
          "<endpoint ID>"
        ]
      }
    ],
    "script_uid": "<unique ID>",
    "parameters_values": {
      "x": "param input as returned in Get Script Metadata",
      "y": 4
    }
  }
}
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/scripts/run_script' \
  -d ''
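The following is an added example, not part of the original reference or vendor code: a pre-flight builder that assembles the request body documented above and rejects calls that break the stated constraints (1000-endpoint limit, required parameters_values) before anything is sent. The function names build_run_script_request and chunked are hypothetical; rejecting an empty endpoint list, rejecting a non-positive timeout, and de-duplicating IDs are assumptions of this example, not documented API behaviour.

```python
import json

MAX_ENDPOINTS = 1000  # per-request limit stated on this page


def build_run_script_request(endpoint_ids, script_uid, parameters_values,
                             timeout=None, incident_id=None):
    """Return the JSON-serialisable body for the run_script endpoint (hypothetical helper)."""
    ids = list(dict.fromkeys(endpoint_ids))  # de-duplicate, keep order (example's choice)
    if not ids:  # assumption: an empty target list is a caller error
        raise ValueError("at least one endpoint ID is required")
    if len(ids) > MAX_ENDPOINTS:
        raise ValueError(f"{len(ids)} endpoints exceeds the limit of {MAX_ENDPOINTS}")
    if not all(isinstance(i, str) and i for i in ids):
        raise ValueError("endpoint IDs must be non-empty strings")
    if not isinstance(script_uid, str) or not script_uid:
        raise ValueError("script_uid must be a non-empty string")
    if not isinstance(parameters_values, dict):
        raise ValueError("parameters_values is required and must be a dictionary")

    request_data = {
        "filters": [{"field": "endpoint_id_list", "operator": "in", "value": ids}],
        "script_uid": script_uid,
        "parameters_values": parameters_values,
    }
    # Omitting timeout leaves the documented default of 600 seconds in effect.
    if timeout is not None:
        if isinstance(timeout, bool) or not isinstance(timeout, int) or timeout <= 0:
            raise ValueError("timeout must be a positive integer (seconds)")  # assumption
        request_data["timeout"] = timeout
    # incident_id is documented as a String, so coerce numeric IDs.
    if incident_id is not None:
        request_data["incident_id"] = str(incident_id)
    return {"request_data": request_data}


def chunked(endpoint_ids, size=MAX_ENDPOINTS):
    """Split a long endpoint list into batches that each fit one request."""
    ids = list(dict.fromkeys(endpoint_ids))
    return [ids[i:i + size] for i in range(0, len(ids), size)]


if __name__ == "__main__":
    # Placeholder values copied from the sample request on this page.
    body = build_run_script_request(["<endpoint ID>"], "<unique ID>",
                                    {"x": "param input as returned in Get Script Metadata", "y": 4})
    print(json.dumps(body, indent=2))
```

Logging the returned body alongside the operator identity before submission gives an audit record of exactly which endpoints each script run targeted.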