Create an installation package. This is an async call that returns the distribution ID; it does not mean that the creation succeeded. To confirm the package has been created, check the status of the distribution by running the Get Distribution Status API.
Required license: Cortex XSIAM Premium or Cortex XSIAM Enterprise. In Cortex NG SIEM, requires endpoints or the Cortex Cloud Runtime Security add-on.
Authorization
String
required
{api_key}
{api_key}
authorization_example
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
xXdrAuthId_example
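# Create an installation package (distribution).
# The two auth header values are the page's placeholders for the API key and
# the API key ID. The empty -d '' body mirrors the generated sample; a real
# call sends a JSON document with a "request_data" object.
# Each argument line ends in a backslash so the shell reads one command.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' \
  -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/distributions/create' \
  -d ''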
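import http.client
import json

# HTTPSConnection verifies the server certificate and hostname by default.
# The 30 s timeout is a constructed sample value; without one a stalled
# connection would block the caller indefinitely.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)

# Build the body from a dict and serialize it once, instead of maintaining a
# hand-escaped JSON string. None serializes to JSON null.
payload = json.dumps({
    "request_data": {
        "name": "string",
        "platform": "windows",
        "package_type": "string",
        "agent_version": "string",
        "windows_version": "string",
        "linux_version": "string",
        "macos_version": "string",
        "deployment_platform": "string",
        "default_namespace": "string",
        "node_selector": {"property1": None, "property2": None},
        "proxy": ["string"],
        "cluster_name": "string",
        "run_on_master_node": True,
        "run_on_all_nodes": True,
        "description": "string",
        "endpoint_tags": ["string"],
        "yaml_preferences": {
            "runtime": "Node.js",
            "deployment_type": "embedded",
            "cloud_provider": "aws",
            "restrictions_profile": "string",
        },
    }
})

# Authorization carries the API key, x-xdr-auth-id the API key ID.
headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json"
}

try:
    conn.request("POST", "/public_api/v1/distributions/create", payload, headers)
    res = conn.getresponse()
    # Read the whole body before the connection is closed below.
    data = res.read()
finally:
    # Release the socket whether or not the request succeeded.
    conn.close()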
print(data.decode("utf-8"))require 'uri'
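require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/distributions/create")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server's certificate chain and hostname. With VERIFY_NONE any
# on-path host could terminate the TLS session and read the Authorization
# and x-xdr-auth-id headers sent below.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

# Authorization carries the API key, x-xdr-auth-id the API key ID.
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"name\":\"string\",\"platform\":\"windows\",\"package_type\":\"string\",\"agent_version\":\"string\",\"windows_version\":\"string\",\"linux_version\":\"string\",\"macos_version\":\"string\",\"deployment_platform\":\"string\",\"default_namespace\":\"string\",\"node_selector\":{\"property1\":null,\"property2\":null},\"proxy\":[\"string\"],\"cluster_name\":\"string\",\"run_on_master_node\":true,\"run_on_all_nodes\":true,\"description\":\"string\",\"endpoint_tags\":[\"string\"],\"yaml_preferences\":{\"runtime\":\"Node.js\",\"deployment_type\":\"embedded\",\"cloud_provider\":\"aws\",\"restrictions_profile\":\"string\"}}}"

response = http.request(request)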
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"name": "string",
"platform": "windows",
"package_type": "string",
"agent_version": "string",
"windows_version": "string",
"linux_version": "string",
"macos_version": "string",
"deployment_platform": "string",
"default_namespace": "string",
"node_selector": {
"property1": null,
"property2": null
},
"proxy": [
"string"
],
"cluster_name": "string",
"run_on_master_node": true,
"run_on_all_nodes": true,
"description": "string",
"endpoint_tags": [
"string"
],
"yaml_preferences": {
"runtime": "Node.js",
"deployment_type": "embedded",
"cloud_provider": "aws",
"restrictions_profile": "string"
}
}
});
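// Set up the create-distribution request; the response body is logged as-is.
const xhr = new XMLHttpRequest();
// Authentication is carried by the Authorization and x-xdr-auth-id headers set
// below, so ambient cookies are not attached to this cross-origin call.
// NOTE(review): confirm the tenant does not rely on cookies for this endpoint.
xhr.withCredentials = false;

xhr.addEventListener("readystatechange", function () {
  // DONE is reached on success and on failure alike; responseText is empty
  // when the request never completed.
  if (this.readyState === this.DONE) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/distributions/create");
// Authorization is the API key, x-xdr-auth-id the API key ID.
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");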
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/distributions/create")
.header("Authorization", "SOME_STRING_VALUE")
.header("x-xdr-auth-id", "SOME_STRING_VALUE")
.header("content-type", "application/json")
.body("{\"request_data\":{\"name\":\"string\",\"platform\":\"windows\",\"package_type\":\"string\",\"agent_version\":\"string\",\"windows_version\":\"string\",\"linux_version\":\"string\",\"macos_version\":\"string\",\"deployment_platform\":\"string\",\"default_namespace\":\"string\",\"node_selector\":{\"property1\":null,\"property2\":null},\"proxy\":[\"string\"],\"cluster_name\":\"string\",\"run_on_master_node\":true,\"run_on_all_nodes\":true,\"description\":\"string\",\"endpoint_tags\":[\"string\"],\"yaml_preferences\":{\"runtime\":\"Node.js\",\"deployment_type\":\"embedded\",\"cloud_provider\":\"aws\",\"restrictions_profile\":\"string\"}}}")
.asString();import Foundation
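// Request headers: Authorization is the API key, x-xdr-auth-id the API key ID.
let headers = [
  "Authorization": "SOME_STRING_VALUE",
  "x-xdr-auth-id": "SOME_STRING_VALUE",
  "content-type": "application/json"
]

// Request body. The two node_selector values are JSON null in the other
// samples on this page; in a Foundation dictionary that is spelled NSNull().
let parameters = ["request_data": [
  "name": "string",
  "platform": "windows",
  "package_type": "string",
  "agent_version": "string",
  "windows_version": "string",
  "linux_version": "string",
  "macos_version": "string",
  "deployment_platform": "string",
  "default_namespace": "string",
  "node_selector": [
    "property1": NSNull(),
    "property2": NSNull()
  ],
  "proxy": ["string"],
  "cluster_name": "string",
  "run_on_master_node": true,
  "run_on_all_nodes": true,
  "description": "string",
  "endpoint_tags": ["string"],
  "yaml_preferences": [
    "runtime": "Node.js",
    "deployment_type": "embedded",
    "cloud_provider": "aws",
    "restrictions_profile": "string"
  ]
] as [String : Any]] as [String : Any]

// data(withJSONObject:options:) is a throwing call, so it needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/distributions/create")! as URL,
                                  cachePolicy: .useProtocolCachePolicy,
                                  timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data

let session = URLSession.shared
// The task is only created here; it does not start until resume() is called.
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
  if let error = error {
    // Transport-level failure (DNS, TLS, timeout, ...).
    print(error)
  } else {
    let httpResponse = response as? HTTPURLResponse
    print(httpResponse as Any)
  }
})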
dataTask.resume()<?php
$curl = curl_init();

// Authorization is the API key, x-xdr-auth-id the API key ID.
$requestHeaders = [
  "Authorization: SOME_STRING_VALUE",
  "content-type: application/json",
  "x-xdr-auth-id: SOME_STRING_VALUE"
];

// JSON document sent as the POST body.
$requestBody = "{\"request_data\":{\"name\":\"string\",\"platform\":\"windows\",\"package_type\":\"string\",\"agent_version\":\"string\",\"windows_version\":\"string\",\"linux_version\":\"string\",\"macos_version\":\"string\",\"deployment_platform\":\"string\",\"default_namespace\":\"string\",\"node_selector\":{\"property1\":null,\"property2\":null},\"proxy\":[\"string\"],\"cluster_name\":\"string\",\"run_on_master_node\":true,\"run_on_all_nodes\":true,\"description\":\"string\",\"endpoint_tags\":[\"string\"],\"yaml_preferences\":{\"runtime\":\"Node.js\",\"deployment_type\":\"embedded\",\"cloud_provider\":\"aws\",\"restrictions_profile\":\"string\"}}}";

// RETURNTRANSFER makes curl_exec() return the body instead of printing it.
// No TLS verification option is overridden here.
curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/distributions/create",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => $requestBody,
  CURLOPT_HTTPHEADER => $requestHeaders,
]);

// Capture the error text before the handle is closed.
$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
/* Header list: API key, API key ID, and the JSON content type.
 * libcurl stores the list pointer rather than copying it, so the list must
 * stay alive until the transfer is over; curl_slist_free_all(headers)
 * releases it afterwards. */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");

/* Target, method, headers and body for the create-distribution call. */
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/distributions/create");
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"name\":\"string\",\"platform\":\"windows\",\"package_type\":\"string\",\"agent_version\":\"string\",\"windows_version\":\"string\",\"linux_version\":\"string\",\"macos_version\":\"string\",\"deployment_platform\":\"string\",\"default_namespace\":\"string\",\"node_selector\":{\"property1\":null,\"property2\":null},\"proxy\":[\"string\"],\"cluster_name\":\"string\",\"run_on_master_node\":true,\"run_on_all_nodes\":true,\"description\":\"string\",\"endpoint_tags\":[\"string\"],\"yaml_preferences\":{\"runtime\":\"Node.js\",\"deployment_type\":\"embedded\",\"cloud_provider\":\"aws\",\"restrictions_profile\":\"string\"}}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/distributions/create");
// JSON document sent as the request body.
var jsonBody = "{\"request_data\":{\"name\":\"string\",\"platform\":\"windows\",\"package_type\":\"string\",\"agent_version\":\"string\",\"windows_version\":\"string\",\"linux_version\":\"string\",\"macos_version\":\"string\",\"deployment_platform\":\"string\",\"default_namespace\":\"string\",\"node_selector\":{\"property1\":null,\"property2\":null},\"proxy\":[\"string\"],\"cluster_name\":\"string\",\"run_on_master_node\":true,\"run_on_all_nodes\":true,\"description\":\"string\",\"endpoint_tags\":[\"string\"],\"yaml_preferences\":{\"runtime\":\"Node.js\",\"deployment_type\":\"embedded\",\"cloud_provider\":\"aws\",\"restrictions_profile\":\"string\"}}}";

var request = new RestRequest(Method.POST);
// Authorization is the API key, x-xdr-auth-id the API key ID.
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
// ParameterType.RequestBody sends the string as the raw body.
request.AddParameter("application/json", jsonBody, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);request_dataobject
namestringrequiredThe name of the installation package.
The name of the installation package.
platformstring (Enum)The installation platform.
The installation platform.
package_typestringrequiredA string representing the type of package to create. Each JSON object must contain one of the following keywords:
standalone: Installation for a new agent. When using this, you must include the platform field with one of the following values: windows, linux, macos, android, kubernetes, helm.
upgrade: Upgrade of an agent from ESM. When using this, you must include the agent_version field with one of the following values: windows_version, linux_version, or macos_version.
serverless: Create a serverless distribution. When using this, you must include the yaml_preferences field with the following properties: runtime (Node.js or python), deployment_type (embedded or layers), cloud_provider (aws), and restrictions_profile (Serverless restrictions profile ID).
caas_embedded: Container-embedded XDR agent installation using the CaaS Generic Installer (Linux dockerfile-based deployment).
A string representing the type of package to create. Each JSON object must contain one of the following keywords:
standalone: Installation for a new agent. When using this, you must include the platform field with one of the following values: windows, linux, macos, android, kubernetes, helm. upgrade: Upgrade of an agent from ESM. When using this, you must include the agent_version field with one of the following values: windows_version, linux_version, or macos_version. serverless: Create a serverless distribution. When using this, you must include the yaml_preferences field with the following properties: runtime (Node.js or python), deployment_type (embedded or layers), cloud_provider (aws), and restrictions_profile (Serverless restrictions profile ID). caas_embedded: Container-embedded XDR agent installation using the CaaS Generic Installer (Linux dockerfile-based deployment).
agent_versionstringrequiredUse agent_version when creating a standalone installer. The value should be the agent version number.
Use agent_version when creating a standalone installer. The value should be the agent version number.
windows_versionstringUse windows_version when creating an upgrade package. The value is the relevant version number.
Use windows_version when creating an upgrade package. The value is the relevant version number.
linux_versionstringUse linux_version when creating an upgrade package. The value is the relevant version number.
Use linux_version when creating an upgrade package. The value is the relevant version number.
macos_versionstringUse macos_version when creating an upgrade package. The value is the relevant version number.
Use macos_version when creating an upgrade package. The value is the relevant version number.
deployment_platformstringrequiredWhen the package_type is kubernetes or helm, use the deployment_platform to indicate the type of platform. Valid values include:
standard
openshift
gcos
bottlerocket
gke_autopilot
When the package_type is kubernetes or helm, use the deployment_platform to indicate the type of platform. Valid values include:
standard, openshift, gcos, bottlerocket, gke_autopilot
default_namespacestringrequiredThe default namespace
The default namespace
node_selectorobjectThe node selector in the following format:
`"node_selector": {"key": "val"}`
The node selector in the following format: `"node_selector": {"key": "val"}`
Additional propertiesobject
proxyarray[string]
cluster_namestringCluster name
Cluster name
run_on_master_nodebooleanrequiredWhether or not to run on the master node.
Whether or not to run on the master node.
run_on_all_nodesbooleanrequiredWhether or not to run on all nodes.
Whether or not to run on all nodes.
descriptionstringA description for the distribution package.
A description for the distribution package.
endpoint_tagsarray[string]List of endpoint tags to associate with the distribution package. Tags must already exist in the system.
List of endpoint tags to associate with the distribution package. Tags must already exist in the system.
yaml_preferencesobjectConfiguration for serverless distributions.
Configuration for serverless distributions.
runtimestring (Enum)The runtime environment for the serverless function.
The runtime environment for the serverless function.
deployment_typestring (Enum)The deploy method used for the serverless agent.
The deploy method used for the serverless agent.
cloud_providerstring (Enum)The cloud service provider hosting the serverless function. Currently only AWS is supported.
The cloud service provider hosting the serverless function. Currently only AWS is supported.
restrictions_profilestringThe serverless restrictions profile ID.
The serverless restrictions profile ID.
{
"request_data": {
"name": "<installation package name>",
"package_type": "upgrade",
"agent_version": "windows_version",
"deployment_platform": "standard",
"default_namespace": "cortex-xdr",
"run_on_master_node": true,
"run_on_all_nodes": false,
"endpoint_tags": [
"Administrator",
"DevTeam"
],
"description": "Created using Public APIs"
}
}{
"request_data": {
"name": "Upgrade package",
"package_type": "upgrade",
"agent_version": "windows_version",
"deployment_platform": "standard",
"default_namespace": "cortex-xdr",
"run_on_master_node": true,
"run_on_all_nodes": false,
"endpoint_tags": [
"Administrator",
"DevTeam"
],
"description": "Created using Public APIs"
}
}{
"request_data": {
"name": "PAPI Dist K8s",
"description": "Created using PAPI",
"endpoint_tags": [
"new-tag"
],
"package_type": "kubernetes",
"platform": "linux",
"agent_version": "8.8.0.10594",
"deployment_platform": "standard",
"default_namespace": "cortex-xdr",
"node_selector": {
"key": "val"
},
"proxy": [
"10.10.10.1:8080"
],
"cluster_name": "some_name",
"run_on_master_node": true,
"run_on_all_nodes": false
}
}{
"request_data": {
"name": "Serverless distribution",
"package_type": "serverless",
"description": "Description",
"agent_version": "{version}",
"platform": "serverless",
"deployment_platform": "standard",
"default_namespace": "cortex-xdr",
"run_on_master_node": false,
"run_on_all_nodes": false,
"yaml_preferences": {
"runtime": "Node.js",
"deployment_type": "embedded",
"cloud_provider": "aws",
"restrictions_profile": "28"
}
}
}