Run Snippet Code Script

Cortex XDR REST API
post /public_api/v1/scripts/run_snippet_code_script

Initiate a new endpoint script execution action using provided snippet code. Cortex XDR supports sending your request in Base64.

Required license: Cortex XDR Pro per Endpoint or Cortex XDR Pro per GB

CURL
curl -X POST \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ "https://api-yourfqdn/public_api/v1/scripts/run_snippet_code_script" \ -d '{ "request_data" : { "incident_id" : "incident_id", "snippet_code" : "snippet_code", "filters" : [ { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" }, { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" } ], "timeout" : 0 } }'
Response
{ "reply": { "action_id": "<action ID>", "endpoints_count": 21 } }
Request
Body
optional
Example: {"request_data":{"filters":[{"field":"endpoint_id_list","operator":"in","value":[""]}],"snippet_code":"print (\"7\")"}}
request_data
required
A dictionary containing the API request fields.
filters
required
Array
An array of filter fields for running the script on a number of endpoints at once.
field
required
String (Enum)

String that identifies a list the filters match. Filters are based on the following keywords:

  • endpoint_id_list: List of endpoint IDs.
Allowed values:
endpoint_id_list
operator
required
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

  • endpoint_id_list: List of strings
Allowed values:
in
value
required
Array of strings
Value that this filter must match.
timeout
optional
Integer
The timeout in seconds for this execution. Default value is 600.
snippet_code
required
String
Section of a script you want to initiate on an endpoint.
incident_id
optional
String
Incident ID. When included in the request, the Run Snippet Code Script action will appear in the Cortex XDR Incident View Timeline tab.
Responses

Successful response

Body
reply
optional
JSON object containing the query result.
action_id
optional
String
ID of the action initiated. ID will be used as a reference to track in the action center.
endpoints_count
optional
Integer
Number of endpoints the action was initiated on.

Bad Request. Got an invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.