Reverse the isolation of one or more endpoints in a single request.
Note: A request can contain either endpoint_id, to unisolate one endpoint, or filters, to unisolate more than one endpoint. An error is raised if you try to use both endpoint_id and filters.
Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint
request_data: Object
A dictionary containing the API request fields.
filters: Array
An array of filter fields for unisolating a number of endpoints at once. Note: This field is only required if unisolating more than one endpoint.
field: Object (Enum)
String that identifies the list that the filter matches. Filters are based on the following keywords:
- endpoint_id_list: List of endpoint IDs.
operator: Object (Enum)
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
- endpoint_id_list: List of strings
value: Array[string]
Value that this filter must match. Valid keywords:
- endpoint_id_list: List of strings
endpoint_id: String
The ID of the endpoint to unisolate.
Note: This field is only required if unisolating one endpoint.
incident_id: String
Incident ID. When included in the request, the Unisolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab.
{
  "request_data": {
    "endpoint_id": "<endpoint ID>"
  }
}
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  'https://api-yourfqdn/public_api/v1/endpoints/unisolate' \
  -d '{"request_data": {"endpoint_id": "<endpoint ID>"}}'
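The following added example (not taken from the Cortex XDR documentation) builds and checks request bodies against the rules above: endpoint_id for one endpoint, a filters entry using endpoint_id_list with the in operator for several, and never both. The function names and sample IDs are constructed, and placing incident_id inside request_data is an assumption.

```python
FILTER_FIELD = "endpoint_id_list"   # the only filter field this page lists
FILTER_OPERATOR = "in"              # the only operator this page lists

def build_unisolate_request(endpoint_ids, incident_id=None):
    """Build the body for one endpoint (endpoint_id) or several (filters)."""
    if isinstance(endpoint_ids, str):
        endpoint_ids = [endpoint_ids]
    ids = []
    for eid in endpoint_ids:
        if not isinstance(eid, str) or not eid.strip():
            raise ValueError(f"invalid endpoint ID: {eid!r}")
        if eid not in ids:          # drop duplicates, keep order
            ids.append(eid)
    if not ids:
        raise ValueError("at least one endpoint ID is required")
    if len(ids) == 1:
        request_data = {"endpoint_id": ids[0]}
    else:
        request_data = {"filters": [
            {"field": FILTER_FIELD, "operator": FILTER_OPERATOR, "value": ids}]}
    if incident_id is not None:
        # Assumption: incident_id sits in request_data beside endpoint_id/filters.
        request_data["incident_id"] = str(incident_id)
    return {"request_data": request_data}

def validate_unisolate_request(body):
    """Return a list of problems with a body; an empty list means well formed."""
    data = body.get("request_data") if isinstance(body, dict) else None
    if not isinstance(data, dict):
        return ["request_data must be an object"]
    problems = []
    has_id, has_filters = "endpoint_id" in data, "filters" in data
    if has_id and has_filters:
        problems.append("endpoint_id and filters cannot be used together")
    if not (has_id or has_filters):
        problems.append("either endpoint_id or filters is required")
    if has_id and not (isinstance(data["endpoint_id"], str) and data["endpoint_id"]):
        problems.append("endpoint_id must be a non-empty string")
    filters = data.get("filters", [])
    if not isinstance(filters, list) or (has_filters and not filters):
        return problems + ["filters must be a non-empty array"]
    for i, f in enumerate(filters):
        if not isinstance(f, dict) or f.get("field") != FILTER_FIELD or f.get("operator") != FILTER_OPERATOR:
            problems.append(f"filters[{i}]: field must be endpoint_id_list with operator in")
        elif not (isinstance(f.get("value"), list) and f["value"]
                  and all(isinstance(v, str) and v for v in f["value"])):
            problems.append(f"filters[{i}]: value must be a non-empty list of strings")
    return problems
```

Running the validator on a body before it is sent catches the mixed endpoint_id/filters case locally, so an incident-response script does not stall on an API error while hosts are waiting to be released.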