Release an isolated endpoint
Release an isolated endpoint, allowing it to rejoin a network.
Body Required
-
agent_type string
The host agent type (optional). Defaults to endpoint.
Values are
endpoint
,sentinel_one
,crowdstrike
, ormicrosoft_defender_endpoint
. -
alert_ids array[string(nonempty)]
A list of alerts
id
s.At least
1
element. Minimum length of each is1
. -
case_ids array[string]
Case IDs to be updated (cannot contain empty strings)
At least
1
element. Minimum length of each is1
. -
comment string
Optional comment
-
List of endpoint IDs (cannot contain empty strings)
At least
1
element. Minimum length of each is1
. -
parameters object
Optional parameters object
Additional properties are allowed.
POST
/api/endpoint/action/unisolate
curl \
--request POST https://localhost:5601/api/endpoint/action/unisolate \
--header "Content-Type: application/json" \
--data '{"agent_type":"endpoint","alert_ids":["string"],"case_ids":["string"],"comment":"string","endpoint_ids":["string"],"parameters":{}}'
Request examples
{
"agent_type": "endpoint",
"alert_ids": [
"string"
],
"case_ids": [
"string"
],
"comment": "string",
"endpoint_ids": [
"string"
],
"parameters": {}
}
Response examples (200)
{}