post
/public_api/v1/scripts/run_snippet_code_script
Initiate a new endpoint script execution action using provided snippet code. Cortex XDR supports sending your request in Base64.
Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB
CURL
curl -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
"https://api-yourfqdn/public_api/v1/scripts/run_snippet_code_script" \
-d '{
"request_data" : {
"incident_id" : "incident_id",
"snippet_code" : "snippet_code",
"filters" : [ {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
}, {
"field" : "endpoint_id_list",
"value" : [ "value", "value" ],
"operator" : "in"
} ],
"timeout" : 0
}
}'
Response
{
"reply": {
"action_id": "<action ID>",
"endpoints_count": 21
}
}
Request
Body
optional
Example:
{"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"snippet_code":"print (\"7\")"}}
request_data
required
A dictionary containing the API request fields.
filters
required
Array
An array of filter fields for running the script on a number of endpoints at once.
field
required
String
(Enum)
String that identifies a list the filters match. Filters are based on the following keywords:
endpoint_id_list
: List of endpoint IDs.
Allowed values:
endpoint_id_list
operator
required
String
(Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
endpoint_id_list
: List of strings
Allowed values:
in
value
required
Array
of strings
Value that this filter must match.
timeout
optional
Integer
The timeout in seconds for this execution. Default value is 600.
snippet_code
required
String
Section of a script you want to initiate on an endpoint.
incident_id
optional
String
Incident ID.
When included in the request, the Run Snippet Code Script action will appear in the Cortex XDR Incident View Timeline tab.
Responses