Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Initiate Script on Endpoint via API call

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Initiate Script on Endpoint via API call

L1 Bithead

Hi Everyone,

 

I've been running Powershell scripts on my endpoints from Action Center > Run Endpoint Script > Execute Commands in the XDR interface. It works well, however I need to specify a manual query to target the endpoints I want each time i.e. within a specific IP Range, 'Connected' vs 'Disconnected' etc. It gets cumbersome when having to re-run scripts several times or just pick out a few endpoints for testing.

 

Does anyone know if the API's allow you to run scripts? Ideally, could have a static set of parameters which includes the query to narrow down the endpoints. This way, could have several API links to kick off scripts with different target endpoint queries vs having to specify the query each time in the interface.

 

Also doesn't seem like you can save a manual query after you've built it, that would have been helpful as well.

 

Happy to hear any input you may have.Cortex Screen Shot.jpg

Thanks

1 accepted solution

Accepted Solutions

L5 Sessionator

Hi @cnogawaterfront, thanks for reaching us using the Live Community.

The API allows you to run scripts on endpoints, you need to upload the script to the console, get the script UUID, and also get the Endpoint IDs where you need to run it.

Here is the documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Run-Script

You can combine it with the Get-Endpoint Api to obtain the endpoint_id value: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-Endpoint

 

Please let me know if this can work for you.

JM

View solution in original post

2 REPLIES 2

L5 Sessionator

Hi @cnogawaterfront, thanks for reaching us using the Live Community.

The API allows you to run scripts on endpoints, you need to upload the script to the console, get the script UUID, and also get the Endpoint IDs where you need to run it.

Here is the documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Run-Script

You can combine it with the Get-Endpoint Api to obtain the endpoint_id value: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-Endpoint

 

Please let me know if this can work for you.

JM

Hi Jmazzeo, I'm getting a 404 error with both of those links unfortunately. I was able to find this one:

https://cortex-panw.stoplight.io/docs/cortex-xdr/7223bea7d2bea-run-script

Looks like the same thing you were referring to. I hadn't thought to upload the script, I've just been running it from the endpoint machines. Thanks for the help.

 

 

  • 1 accepted solution
  • 1504 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!