POST /public_api/v1/endpoints/scan
Run a scan on selected endpoints.
- Response is concatenated using AND condition (OR is not supported).
- Offset is the zero-based number of incidents from the start of the result set.
Required license: Cortex XDR Prevent, Cortex XDR Pro per Endpoint, or Cortex XDR Pro per GB
Body parameters
request_data Object required
A dictionary containing the API request fields.
filters Array[string]
An array of filter fields. To scan all endpoints, use the value all.
incident_id String
Incident ID. When included in the request, the Scan Endpoints action will appear in the Cortex XDR Incident View Timeline tab.
REQUEST BODY
{
  "request_data": {
    "filters": "all"
  }
}
CURL
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/endpoints/scan' \
  -d '{"request_data": {"filters": "all"}}'
Responses