post
/public_api/v1/scripts/get_scripts
Get a list of scripts available in the scripts library.
Required license: Cortex XSIAM Premium or Cortex XSIAM Enterprise or Cortex XSIAM NG SIEM
Request headers
Authorization
String
required
{api_key}
{api_key}
Example:
authorization_example
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
Example:
xXdrAuthId_example
CLIENT REQUEST
curl -X 'POST'
-H
'Accept: application/json'
-H
'Content-Type: application/json'
-H
'Authorization: authorization_example'
-H
'x-xdr-auth-id: xXdrAuthId_example'
'https://api-yourfqdn/public_api/v1/scripts/get_scripts'
-d
''
import http.client
conn = http.client.HTTPSConnection("api-yourfqdn")
payload = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}"
headers = {
'Authorization': "SOME_STRING_VALUE",
'x-xdr-auth-id': "SOME_STRING_VALUE",
'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/scripts/get_scripts", payload, headers)
res = conn.getresponse()
data = res.read()
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://api-yourfqdn/public_api/v1/scripts/get_scripts")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}"
response = http.request(request)
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"filters": [
{
"field": "name",
"operator": "in",
"value": [
"string"
]
}
]
}
});
const xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function () {
if (this.readyState === this.DONE) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api-yourfqdn/public_api/v1/scripts/get_scripts");
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/scripts/get_scripts")
.header("Authorization", "SOME_STRING_VALUE")
.header("x-xdr-auth-id", "SOME_STRING_VALUE")
.header("content-type", "application/json")
.body("{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}")
.asString();import Foundation
let headers = [
"Authorization": "SOME_STRING_VALUE",
"x-xdr-auth-id": "SOME_STRING_VALUE",
"content-type": "application/json"
]
let parameters = ["request_data": ["filters": [
[
"field": "name",
"operator": "in",
"value": ["string"]
]
]]] as [String : Any]
let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/scripts/get_scripts")! as URL,
cachePolicy: .useProtocolCachePolicy,
timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData as Data
let session = URLSession.shared
let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
if (error != nil) {
print(error)
} else {
let httpResponse = response as? HTTPURLResponse
print(httpResponse)
}
})
dataTask.resume()<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api-yourfqdn/public_api/v1/scripts/get_scripts",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}",
CURLOPT_HTTPHEADER => [
"Authorization: SOME_STRING_VALUE",
"content-type: application/json",
"x-xdr-auth-id: SOME_STRING_VALUE"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/scripts/get_scripts");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
headers = curl_slist_append(headers, "content-type: application/json");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}");
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/scripts/get_scripts");
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", "{\"request_data\":{\"filters\":[{\"field\":\"name\",\"operator\":\"in\",\"value\":[\"string\"]}]}}", ParameterType.RequestBody);
IRestResponse response = client.Execute(request);Body parameters
application/json
request_dataobjectA dictionary containing the API request fields.
An empty dictionary returns all results.
A dictionary containing the API request fields. An empty dictionary returns all results.
filtersarrayrequiredAn array of filter fields.
An array of filter fields.
[fieldstring (Enum)required
operatorstring (Enum)required
valueobjectrequired
boolean
integer
]
fieldstring (Enum)requiredIdentifies a list the filters match. Filters are based on the following keywords:
name: String of the script name.description: String of the script description.created_by: String of the user name of who created the script.script_uid: GUID, global ID of the script, used to identify the script when executing.modification_date: Timestamp of when the script was last modified.windows_supported: Whether the script can be executed on Windows operating system.linux_supported: Whether the script can be executed on Linux operating system.macos_supported: Whether the script can be executed on Mac operating system.is_high_risk: Whether the script has a high-risk outcome.
Identifies a list the filters match. Filters are based on the following keywords:
name: String of the script name.description: String of the script description.created_by: String of the user name of who created the script.script_uid: GUID, global ID of the script, used to identify the script when executing.modification_date: Timestamp of when the script was last modified.windows_supported: Whether the script can be executed on Windows operating system.linux_supported: Whether the script can be executed on Linux operating system.macos_supported: Whether the script can be executed on Mac operating system.is_high_risk: Whether the script has a high-risk outcome.
Allowed values:"name""description""created_by""script_uid""modification_date""windows_supported""linux_supported""macos_supported""is_high_risk"
operatorstring (Enum)requiredString that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
name, description, created_by, script_uid, windows_supported, linux_supported, macos_supported, is_high_risk: List of strings.
gte / ltemodification_date: Integer in timestamp epoch milliseconds.
String that identifies the comparison operator you want to use for this filter. Valid keywords and values are:
in
name,description,created_by,script_uid,windows_supported,linux_supported,macos_supported,is_high_risk: List of strings.gte/ltemodification_date: Integer in timestamp epoch milliseconds.
Allowed values:"in""gte""lte"
valueobjectrequiredValue that this filter must match.
Value that this filter must match.
Array
booleanValue that this filter must match.
Value that this filter must match.
integerValue that this filter must match.
Value that this filter must match.
REQUEST
{
"request_data": {}
}{
"request_data": {
"filters": [
{
"field": "is_high_risk",
"operator": "in",
"value": [
"false"
]
}
]
}
}Responses
Successful response
Body
application/json
replyobjectJSON object containing the query result.
JSON object containing the query result.
total_countintegerNumber of total results of this filter without paging.
Number of total results of this filter without paging.
result_countintegerNumber of scripts returned as result.
Number of scripts returned as result.
scriptsarrayAn array of scripts.
An array of scripts.
[script_idstring
namestring
descriptionstring
modification_dateinteger
created_bystring
is_high_riskboolean
windows_supportedboolean
linux_supportedboolean
macos_supportedboolean
script_uidstring
]
script_idstringScript ID.
Script ID.
namestringName of script.
Name of script.
descriptionstringDescription of script.
Description of script.
modification_dateintegerTimestamp of when the script was last modified.
Timestamp of when the script was last modified.
created_bystringName of the user who created the script.
Name of the user who created the script.
is_high_riskbooleanWhether the script has a high-risk outcome.
Whether the script has a high-risk outcome.
windows_supportedbooleanWhether the script can be executed on Windows OS.
Whether the script can be executed on Windows OS.
linux_supportedbooleanWhether the script can be executed on Linux OS.
Whether the script can be executed on Linux OS.
macos_supportedbooleanWhether the script can be executed on macOS.
Whether the script can be executed on macOS.
script_uidstringGUID, global ID of the script, used to identify the script when executing.
GUID, global ID of the script, used to identify the script when executing.
RESPONSE
{
"reply": {
"total_count": 129,
"result_count": 24,
"scripts": [
{
"script_id": "<script ID>",
"name": "list_directories",
"description": "List all directories under path",
"modification_date": 1585074627259,
"created_by": "Palo Alto Networks",
"is_high_risk": false,
"windows_supported": true,
"linux_supported": true,
"macos_supported": true,
"script_uid": "<unique ID>"
},
{
"script_id": "<script ID>",
"name": "test 1",
"description": "test",
"modification_date": 1583052236449,
"created_by": "User 1",
"is_high_risk": false,
"windows_supported": true,
"linux_supported": false,
"macos_supported": false,
"script_uid": "<unique ID>"
},
{
"script_id": "<script ID>",
"name": "test 2",
"description": "test 2",
"modification_date": 1582709343498,
"created_by": "User 2",
"is_high_risk": false,
"windows_supported": true,
"linux_supported": true,
"macos_supported": true,
"script_uid": "<unique ID>"
}
]
}
}Bad Request. Got an invalid JSON.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Unauthorized access. User does not have the required license type to run this API.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}Internal server error. A unified status for API communication type errors.
Body
application/json
The query result upon error.
err_codestringHTTP response code.
HTTP response code.
err_msgstringError message.
Error message.
Example:
"{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}"err_extrastringAdditional information describing the error.
Additional information describing the error.
RESPONSE
{
"err_code": "example",
"err_msg": "{\"line\": 1, \"column\": 19, \"message\": \"no viable alternative at input '|alter2'\"}",
"err_extra": "example"
}