Unisolate Endpoints

Cortex XDR REST API

post /public_api/v1/endpoints/unisolate

Reverse the isolation of one or more endpoints in single request.

Note: You can only send a request with either endpoint_id to unisolate one endpoint or with filters to unisolate more than one endpoint. An error is raised if you try to use both endpoint_id and the filters.

Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint

Body parameters
request_dataObject

A dictionary containing the API request fields.

filtersArray

An array of filter fields for unisolating a number of endpoints at once. Note: This field is only required if unisolating more than one endpoint.

fieldObject (Enum)

String that identifies a list the filters match. Filters are based on the following keywords: - endpoint_id_list: List of endpoint IDs.

Allowed values:"endpoint_id_list"
operatorObject (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in - endpoint_id_list: List of strings

Allowed values:"IN"
valueArray[string]

Value that this filter must match. Valid keywords: - endpoint_id_list: List of strings

endpoint_idString

The ID of the endpoint to unisolate.

Note: this field is only required if unisolating one endpoint.

incident_idString

Incident ID. When included in the request, the Unisolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab.

REQUEST BODY
{ "request_data": { "endpoint_id": "<endpoint ID>" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
'https://api-yourfqdn/public_api/v1/endpoints/unisolate'
-d ''
Responses

Successful response

Body
replyObject

JSON object containing the query result.

action_idString

ID of the action to unisolate selected endpoints. Response only indicates the request was successfully sent to the endpoint. To track if the endpoint was restored either: - In the Cortex XDR console, navigate to Response > Action Center > Isolation and search for the action ID. Make sure the Action ID field is selected in the table Layout settings. - Send a Get Action Status API request.

endpoints_countString

Number of endpoints included in the request.

RESPONSE
{ "reply": { "action_id": "<action ID>", "status": "1", "endpoints_count": "673" } }

Bad Request. Got an invalid JSON.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Unauthorized access. User does not have the required license type to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }

Internal server error. A unified status for API communication type errors.

Body
err_codeString

HTTP response code.

err_msgString

Error message.

Example:"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"
err_extraString

Additional information describing the error.

RESPONSE
{ "err_code": "err_code_example", "err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}", "err_extra": "err_extra_example" }