Get response actions

GET /api/endpoint/action

Get a list of all response actions.

Query parameters

  • page integer

    Page number

    Minimum value is 1. Default value is 1.

  • pageSize integer

    Number of items per page

    Minimum value is 1, maximum value is 100. Default value is 10.

  • commands array[string]

    A list of response action command names.

    Minimum length of each is 1. Values are isolate, unisolate, kill-process, suspend-process, running-processes, get-file, execute, upload, or scan.

  • agentIds array[string] | string

    A list of agent IDs. Max of 50.

  • userIds array[string] | string

    A list of user IDs.

  • startDate string

    A start date in ISO 8601 format or Date Math format.

  • endDate string

    An end date in ISO 8601 format or Date Math format.

  • agentTypes string

    List of agent types to retrieve. Defaults to endpoint.

    Values are endpoint, sentinel_one, crowdstrike, or microsoft_defender_endpoint.

  • withOutputs array[string] | string

    A list of action IDs that should include the complete output of the action.

  • types array[string]

    List of types of response actions

    Values are automated or manual.

Responses

  • 200 application/json

    OK

GET /api/endpoint/action
curl \
 --request GET 'https://localhost:5601/api/endpoint/action' \
 --header "Authorization: $API_KEY"
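
The following is an added example, not part of the original reference or the project's own code: a request builder that checks arguments against the limits documented above before the URL is issued, useful when scripting an audit of who ran which response action. The function names are hypothetical, and sending array parameters as repeated query keys is an assumption.

```python
from urllib.parse import urlencode

# Allowed values, copied from the parameter list on this page.
COMMANDS = {"isolate", "unisolate", "kill-process", "suspend-process",
            "running-processes", "get-file", "execute", "upload", "scan"}
AGENT_TYPES = {"endpoint", "sentinel_one", "crowdstrike", "microsoft_defender_endpoint"}
TYPES = {"automated", "manual"}

def _as_list(value):
    # array[string] | string parameters accept one string or a list.
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)

def build_action_query(base_url, page=1, page_size=10, commands=None,
                       agent_ids=None, user_ids=None, start_date=None,
                       end_date=None, agent_types=None, with_outputs=None,
                       types=None):
    """Check arguments against the documented limits; return the request URL."""
    if page < 1:
        raise ValueError("page must be >= 1")
    if not 1 <= page_size <= 100:
        raise ValueError("pageSize must be between 1 and 100")
    commands, agent_ids, types = map(_as_list, (commands, agent_ids, types))
    if bad := set(commands) - COMMANDS:
        raise ValueError(f"unknown commands: {sorted(bad)}")
    if len(agent_ids) > 50:
        raise ValueError("agentIds accepts at most 50 IDs")
    if agent_types is not None and agent_types not in AGENT_TYPES:
        raise ValueError(f"unknown agentTypes: {agent_types}")
    if bad := set(types) - TYPES:
        raise ValueError(f"unknown types: {sorted(bad)}")
    params = [("page", page), ("pageSize", page_size)]
    # Assumption: array parameters are sent as repeated keys (k=a&k=b).
    for key, values in (("commands", commands), ("agentIds", agent_ids),
                        ("userIds", _as_list(user_ids)),
                        ("withOutputs", _as_list(with_outputs)),
                        ("types", types)):
        params += [(key, v) for v in values]
    for key, value in (("startDate", start_date), ("endDate", end_date),
                       ("agentTypes", agent_types)):
        if value is not None:
            params.append((key, value))
    return f"{base_url.rstrip('/')}/api/endpoint/action?{urlencode(params)}"

# Constructed sample: manual isolate/unisolate actions from the last 7 days.
EXAMPLE_URL = build_action_query(
    "https://localhost:5601", page_size=100, commands=["isolate", "unisolate"],
    start_date="now-7d", end_date="now", types="manual")
```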