https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/1220678#M7904 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/310428">@jmazzeo</a>,</P> <P>&nbsp;</P> <P>A follow-up question on this: is there a way to upload a script to the script library using API call?</P> <P>&nbsp;</P> <P>I checked and there seems no API call for that in the official docs or did I miss it?</P> <P>&nbsp;</P> <P>Thanks!</P> Mon, 17 Feb 2025 17:41:06 GMT Sulivan 2025-02-17T17:41:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/574105#M5940 <P>Hi Everyone,</P> <P>&nbsp;</P> <P>I've been running Powershell scripts on my endpoints from <STRONG>Action Center &gt; Run Endpoint Script &gt; Execute Commands&nbsp;</STRONG>in the XDR interface. It works well, however I need to specify a manual query to target the endpoints I want each time i.e. within a specific IP Range, 'Connected' vs 'Disconnected' etc. It gets cumbersome when having to re-run scripts several times or just pick out a few endpoints for testing.</P> <P>&nbsp;</P> <P>Does anyone know if the API's allow you to run scripts? Ideally, could have a static set of parameters which includes the query to narrow down the endpoints. This way, could have several API links to kick off scripts with different target endpoint queries vs having to specify the query each time in the interface.</P> <P>&nbsp;</P> <P>Also doesn't seem like you can save a manual query after you've built it, that would have been helpful as well.</P> <P>&nbsp;</P> <P>Happy to hear any input you may have.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Cortex Screen Shot.jpg" style="width: 999px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/56786i856BE4275225E07B/image-size/large/is-moderation-mode/true?v=v2&amp;px=999" role="button" title="Cortex Screen Shot.jpg" alt="Cortex Screen Shot.jpg" /></span></P> <P>Thanks</P> Tue, 23 Jan 2024 16:39:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/574105#M5940 cnogawaterfront 2024-01-23T16:39:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/574930#M5979 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/258607">@cnogawaterfront</a>, thanks for reaching us using the Live Community.</P> <P>The API allows you to run scripts on endpoints, you need to upload the script to the console, get the script UUID, and also get the Endpoint IDs where you need to run it.</P> <P>Here is the documentation:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Run-Script" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Run-Script</A></P> <P>You can combine it with the Get-Endpoint Api to obtain the endpoint_id value:&nbsp;<A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-Endpoint" target="_blank">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-Endpoint</A></P> <P>&nbsp;</P> <P>Please let me know if this can work for you.</P> Tue, 30 Jan 2024 14:01:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/574930#M5979 jmazzeo 2024-01-30T14:01:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/576879#M6043 <P>Hi Jmazzeo, I'm getting a 404 error with both of those links unfortunately. I was able to find this one:<BR /><BR /></P> <P><A href="https://cortex-panw.stoplight.io/docs/cortex-xdr/7223bea7d2bea-run-script" target="_blank">https://cortex-panw.stoplight.io/docs/cortex-xdr/7223bea7d2bea-run-script</A><BR /><BR />Looks like the same thing you were referring to. I hadn't thought to upload the script, I've just been running it from the endpoint machines. Thanks for the help.</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 09 Feb 2024 20:42:13 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/576879#M6043 cnogawaterfront 2024-02-09T20:42:13Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/1220678#M7904 <P>Hello <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/310428">@jmazzeo</a>,</P> <P>&nbsp;</P> <P>A follow-up question on this: is there a way to upload a script to the script library using API call?</P> <P>&nbsp;</P> <P>I checked and there seems no API call for that in the official docs or did I miss it?</P> <P>&nbsp;</P> <P>Thanks!</P> Mon, 17 Feb 2025 17:41:06 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/1220678#M7904 Sulivan 2025-02-17T17:41:06Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/1220911#M7923 <P>Hi!, no, there is no API to upload a script, you can call the scripts already uploaded to the console, or you can run snipped code using this API:&nbsp;<A href="https://cortex-panw.stoplight.io/docs/cortex-xdr/branches/main/083859c8c6729-run-snippet-code-script" target="_blank">https://cortex-panw.stoplight.io/docs/cortex-xdr/branches/main/083859c8c6729-run-snippet-code-script</A></P> <P>You can find in that section on the left side, all the APIs for the supported script actions.</P> <P>&nbsp;</P> Wed, 19 Feb 2025 12:19:51 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/initiate-script-on-endpoint-via-api-call/m-p/1220911#M7923 jmazzeo 2025-02-19T12:19:51Z