Isolate an endpoint

POST /api/endpoint/action/isolate

Isolate an endpoint from the network. The endpoint remains isolated until it's released.

application/json; Elastic-Api-Version=2023-10-31

Body Required

  • body object Required
    • agent_type string

      Values are endpoint, sentinel_one, or crowdstrike.

    • alert_ids array[string]

      A string that is not empty and does not contain only whitespace

      At least 1 element. Minimum length of each is 1. Format of each should match the following pattern: ^(?! *$).+$.

    • case_ids array[string]

      Case IDs to be updated (cannot contain empty strings)

      At least 1 element. Minimum length of each is 1.

    • comment string

      Optional comment

    • endpoint_ids array[string] Required

      List of endpoint IDs (cannot contain empty strings)

      At least 1 element. Minimum length of each is 1.

    • parameters object

      Optional parameters object

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

POST /api/endpoint/action/isolate

curl \
 -X POST http://localhost:5622/api/endpoint/action/isolate \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"

Request examples

{
  "body": {
    "agent_type": "endpoint",
    "alert_ids": [
      "string"
    ],
    "case_ids": [
      "string"
    ],
    "comment": "string",
    "endpoint_ids": [
      "string"
    ],
    "parameters": {}
  }
}

Response examples (200)

{}
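
An added example, not part of this API reference: a client-side check of the body constraints listed above, so an automated containment step reports a malformed request before it is sent. The function names and sample IDs are assumptions made for illustration; the `body` wrapper follows the request example on this page.

```python
import json
import re

# Constraints copied from the schema on this page.
AGENT_TYPES = ("endpoint", "sentinel_one", "crowdstrike")
ALERT_ID_PATTERN = re.compile(r"^(?! *$).+$")  # rejects empty and spaces-only IDs
ID_ARRAYS = {"endpoint_ids": None, "alert_ids": ALERT_ID_PATTERN, "case_ids": None}


def validate_isolate_body(body):
    """Return a list of schema violations; an empty list means the body is valid."""
    errors = []
    if "endpoint_ids" not in body:
        errors.append("endpoint_ids is required")
    for field, pattern in ID_ARRAYS.items():
        if field not in body:
            continue
        values = body[field]
        if not isinstance(values, list) or len(values) < 1:
            errors.append(f"{field} needs at least 1 element")
            continue
        for value in values:
            if not isinstance(value, str) or len(value) < 1:
                errors.append(f"{field} contains an empty or non-string entry")
            elif pattern is not None and not pattern.match(value):
                errors.append(f"{field} entry {value!r} fails {pattern.pattern}")
    if "agent_type" in body and body["agent_type"] not in AGENT_TYPES:
        errors.append("agent_type must be endpoint, sentinel_one, or crowdstrike")
    if "comment" in body and not isinstance(body["comment"], str):
        errors.append("comment must be a string")
    if "parameters" in body and not isinstance(body["parameters"], dict):
        errors.append("parameters must be an object")
    return errors


def isolate_request_json(body):
    """Serialize a valid body, wrapped as in the page's request example."""
    errors = validate_isolate_body(body)
    if errors:
        raise ValueError("; ".join(errors))
    return json.dumps({"body": body})


# Constructed sample values, not real endpoint or alert IDs.
SAMPLE = {"agent_type": "endpoint", "endpoint_ids": ["example-endpoint-id"],
          "alert_ids": ["example-alert-id"], "comment": "Contain pending triage"}

if __name__ == "__main__":
    print(isolate_request_json(SAMPLE))
```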