Unisolate Endpoints

Cortex XDR REST API

POST /public_api/v1/endpoints/unisolate

Reverse the isolation of one or more endpoints in a single request.

Note: You can only send a request with either endpoint_id to unisolate one endpoint or with filters to unisolate more than one endpoint. An error is raised if you try to use both endpoint_id and the filters.

Required license: Cortex XDR Prevent or Cortex XDR Pro per Endpoint

CURL
curl -X POST \
  -H "Accept: application/json" \
  -H "Content-Type: application/json" \
  "https://api-yourfqdn/public_api/v1/endpoints/unisolate" \
  -d '{
    "request_data" : {
      "incident_id" : "incident_id",
      "endpoint_id" : "endpoint_id",
      "filters" : [
        { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" },
        { "field" : "endpoint_id_list", "value" : [ "value", "value" ], "operator" : "in" }
      ]
    }
  }'
Response
{ "reply": { "action_id": "<action ID>", "status": "1", "endpoints_count": "673" } }
Request
Body
optional
One of endpoint_id or filters is required, but not both.
Example: {"request_data":{"endpoint_id":""}}
request_data
required
A dictionary containing the API request fields.
filters
optional
Array
An array of filter fields for unisolating a number of endpoints at once. Note: This field is only required if unisolating more than one endpoint.
field
required
String (Enum)

String that identifies a list the filters match. Filters are based on the following keywords:

  • endpoint_id_list: List of endpoint IDs.
Allowed values:
endpoint_id_list
operator
required
String (Enum)

String that identifies the comparison operator you want to use for this filter. Valid keywords and values are: in

  • endpoint_id_list: List of strings
Allowed values:
in
value
required
Array of strings

Value that this filter must match. Valid keywords:

  • endpoint_id_list: List of strings
endpoint_id
required
String

The ID of the endpoint to unisolate.

Note: this field is only required if unisolating one endpoint.

incident_id
optional
String
Incident ID. When included in the request, the Unisolate Endpoints action will appear in the Cortex XDR Incident View Timeline tab.
Responses

Successful response

Body
reply
optional
JSON object containing the query result.
action_id
optional
String

ID of the action to unisolate selected endpoints. The response only indicates that the request was successfully sent to the endpoint. To track whether the endpoint was restored, either:

  • In the Cortex XDR console, navigate to Response > Action Center > Isolation and search for the action ID. Make sure the Action ID field is selected in the table Layout settings.
  • Send a Get Action Status API request.
endpoints_count
optional
String
Number of endpoints included in the request.

Bad Request. Got an invalid JSON.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Unauthorized access. User does not have the required license type to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.

Internal server error. A unified status for API communication type errors.

Body
The query result upon error.
err_code
optional
String
HTTP response code.
err_msg
optional
String
Error message.
Example: {"line": 1, "column": 19, "message": "no viable alternative at input '|alter2'"}
err_extra
optional
String
Additional information describing the error.
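
The either/or rule for endpoint_id and filters, together with the reply and error bodies described above, as an added Python example that is not part of the Cortex XDR documentation. The function names and the ep-1/ep-2 sample IDs are assumptions, and no request is sent.

```python
import json

def build_unisolate_request(endpoint_ids, incident_id=None):
    """endpoint_id for a single endpoint, an endpoint_id_list filter for several."""
    if isinstance(endpoint_ids, str):
        endpoint_ids = [endpoint_ids]
    ids = list(dict.fromkeys(endpoint_ids))  # de-duplicate, keep order
    if not ids or not all(isinstance(i, str) and i.strip() for i in ids):
        raise ValueError("endpoint_ids must be non-empty strings")
    if len(ids) == 1:
        data = {"endpoint_id": ids[0]}
    else:
        data = {"filters": [{"field": "endpoint_id_list", "operator": "in", "value": ids}]}
    if incident_id is not None:
        data["incident_id"] = str(incident_id)  # shows the action in the incident timeline
    return {"request_data": data}

def validate_unisolate_request(body):
    """Raise ValueError for bodies the reference documents as invalid."""
    data = body.get("request_data")
    if not isinstance(data, dict):
        raise ValueError("request_data is required")
    if ("endpoint_id" in data) == ("filters" in data):
        raise ValueError("send exactly one of endpoint_id or filters")
    for f in data.get("filters", []):
        if f.get("field") != "endpoint_id_list" or f.get("operator") != "in":
            raise ValueError("allowed filter: field=endpoint_id_list, operator=in")
        if not isinstance(f.get("value"), list) or not f["value"]:
            raise ValueError("filter value must be a non-empty array of strings")
    return body

def parse_unisolate_response(text):
    """Return (action_id, endpoints_count); raise RuntimeError on an error body."""
    doc = json.loads(text)
    # Assumption: error fields may sit under "reply" or at the top level.
    reply = doc.get("reply", doc)
    if "err_code" in reply or "action_id" not in reply:
        raise RuntimeError(f"{reply.get('err_code')}: {reply.get('err_msg')}")
    return reply["action_id"], int(reply["endpoints_count"])

if __name__ == "__main__":
    # Constructed sample IDs and response, not real tenant data.
    body = validate_unisolate_request(build_unisolate_request(["ep-1", "ep-2"], incident_id=42))
    print(json.dumps(body, indent=2))
    sample = '{"reply": {"action_id": "1001", "status": "1", "endpoints_count": "2"}}'
    print(parse_unisolate_response(sample))
```

The returned action_id is the value to search for in the Action Center or to pass to a Get Action Status request.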