Run Snippet Code Script

Cortex XDR REST API

post /public_api/v1/scripts/run_snippet_code_script

Initiate a new endpoint script execution action using provided snippet code. Cortex XDR supports sending your request in Base64.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

Body parameters
request_dataObjectrequired

A dictionary containing the API request fields.

filtersArray

An array of filter fields for running the script on a number of endpoints at once.

fieldObject (Enum)

String that identifies a list the filters match. Filters are based on the following keywords: - endpoint_id_list: List of endpoint IDs.

Allowed values:"endpoint_id_list"
operatorString (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in - endpoint_id_list: List of strings

Allowed values:"in"
valueArray[string]

Value that this filter must match.

timeoutInteger

The timeout in seconds for this execution. Default value is 600.

snippet_codeString

Section of a script you want to initiate on an endpoint.

incident_idString

Incident ID. When included in the request, the Run Snippet Code Script action will appear in the Cortex XDR Incident View Timeline tab.

REQUEST BODY
{ "request_data": { "filters": [ { "field": "endpoint_id_list", "operator": "in", "value": [ "<endpoint ID>" ] } ], "snippet_code": "print (\"7\")" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/scripts/run_snippet_code_script'
-d ''
Responses

Successful response

Body
replyObject

JSON object containing the query result.

action_idString

ID of the action initiated. ID will be used as a reference to track in the action center.

endpoints_countInteger

Number of endpoints the action was initiated on.

RESPONSE
{ "reply": { "action_id": "<action ID>", "endpoints_count": 21 } }

Bad Request. Got an invalid JSON.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. User does not have the required license type to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Internal server error. A unified status for API communication type errors.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }