01-23-2024 08:08 AM - edited 01-23-2024 08:39 AM
Hi Everyone,
I've been running PowerShell scripts on my endpoints from Action Center > Run Endpoint Script > Execute Commands in the XDR interface. It works well; however, I need to specify a manual query to target the endpoints I want each time, i.e. within a specific IP Range, 'Connected' vs 'Disconnected' etc. It gets cumbersome when having to re-run scripts several times or just pick out a few endpoints for testing.
Does anyone know if the APIs allow you to run scripts? Ideally, could have a static set of parameters which includes the query to narrow down the endpoints. This way, could have several API links to kick off scripts with different target endpoint queries vs having to specify the query each time in the interface.
Also doesn't seem like you can save a manual query after you've built it, that would have been helpful as well.
Happy to hear any input you may have.
Thanks
01-30-2024 06:01 AM
Hi @cnogawaterfront, thanks for reaching us using the Live Community.
The API allows you to run scripts on endpoints. You need to upload the script to the console, get the script UUID, and also get the Endpoint IDs where you need to run it.
Here is the documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Run-Script
You can combine it with the Get-Endpoint API to obtain the endpoint_id value: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-Endpoint
Please let me know if this can work for you.
02-09-2024 12:42 PM
Hi Jmazzeo, I'm getting a 404 error with both of those links unfortunately. I was able to find this one:
https://cortex-panw.stoplight.io/docs/cortex-xdr/7223bea7d2bea-run-script
Looks like the same thing you were referring to. I hadn't thought to upload the script, I've just been running it from the endpoint machines. Thanks for the help.
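
The workflow from the reply above (script UUID plus endpoint IDs from Get Endpoint), combined with the saved target queries the original question asks for, as an added example that is not code from the thread or from Palo Alto Networks. It assumes the request paths, filter field names and standard API key headers of the public Cortex XDR REST API reference, so check them against the linked documentation; `PROFILES`, the CIDR value and `max_targets` are hypothetical names and constructed values.

```python
import ipaddress
import json
import urllib.request

# Assumed from the public Cortex XDR REST API reference: paths, field names, headers.
# PROFILES, the CIDR and max_targets are hypothetical names/values for this example.
PROFILES = {
    "lab-connected": {
        "filters": [{"field": "endpoint_status", "operator": "in", "value": ["connected"]}],
        "cidr": "10.20.0.0/24",  # applied client-side to each endpoint's reported IPs
    },
}

def make_post(base_url, key_id, api_key):
    """Return post(path, request_data) that authenticates with a standard API key."""
    def post(path, request_data):
        req = urllib.request.Request(
            base_url.rstrip("/") + path,
            data=json.dumps({"request_data": request_data}).encode(),
            headers={"x-xdr-auth-id": str(key_id), "Authorization": api_key,
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)["reply"]
    return post

def resolve_targets(post, profile):
    """Query Get Endpoint with the profile's filters, then keep IDs inside its CIDR."""
    reply = post("/public_api/v1/endpoints/get_endpoint/", {"filters": profile["filters"]})
    net = ipaddress.ip_network(profile["cidr"]) if profile.get("cidr") else None
    ids = []
    for ep in reply.get("endpoints", []):
        ips = ep.get("ip") or []
        ips = [ips] if isinstance(ips, str) else ips
        if net is None or any(ipaddress.ip_address(i) in net for i in ips):
            ids.append(ep["endpoint_id"])
    return ids

def run_script(post, script_uid, profile_name, max_targets=25, timeout=600):
    """Run an uploaded script on a saved profile; refuse empty or oversized target sets."""
    ids = resolve_targets(post, PROFILES[profile_name])
    if not ids or len(ids) > max_targets:
        raise ValueError(f"{profile_name}: {len(ids)} endpoints matched, limit {max_targets}")
    return post("/public_api/v1/scripts/run_script/", {
        "script_uid": script_uid,
        "timeout": timeout,
        "filters": [{"field": "endpoint_id_list", "operator": "in", "value": ids}],
    })
```

The `max_targets` guard stops a filter that is broader than intended from pushing a script to the whole fleet. Get Endpoint returns results in pages, so a profile that can match many endpoints needs a paging loop around the lookup.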