Get a list of all response actions.
At least 1 but not more than 50 elements. Minimum length of each is 1.
Minimum length is 1.
Values are endpoint, sentinel_one, or crowdstrike.
The command to be executed (cannot be an empty string)
Minimum length of each is 1. Values are isolate, unisolate, kill-process, suspend-process, running-processes, get-file, execute, upload, or scan.
End date
Page number
Minimum value is 1. Default value is 1.
Number of items per page
Minimum value is 1, maximum value is 10000. Default value is 10.
Start date
Type of response action
Values are automated or manual.
User IDs
At least 1 element. Minimum length of each is 1.
Shows detailed outputs for an action response
OK
curl -X GET "https://localhost:5601/api/endpoint/action?query=%7B%7D"
{}