Isolate an endpoint Deprecated

POST /api/endpoint/isolate

Isolate an endpoint from the network.

This URL will return a 308 permanent redirect to POST <kibana host>:<port>/api/endpoint/action/isolate.

application/json

Body Required

  • agent_type string

    List of agent types to retrieve. Defaults to endpoint.

    Values are endpoint, sentinel_one, crowdstrike, or microsoft_defender_endpoint.

  • alert_ids array[string(nonempty)]

    A list of alert IDs.

    At least 1 element. Minimum length of each is 1.

  • case_ids array[string]

    Case IDs to be updated (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • comment string

    Optional comment

  • endpoint_ids array[string] Required

    List of endpoint IDs (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • parameters object

    Optional parameters object

Responses

  • 200 application/json

    OK

  • 308

    Permanent Redirect

    Headers
    • Location string

      Permanently redirects to "/api/endpoint/action/isolate"

POST /api/endpoint/isolate
curl \
 --request POST 'https://localhost:5601/api/endpoint/isolate' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"agent_type":"endpoint","alert_ids":["string"],"case_ids":["case-id-1","case-id-2"],"comment":"This is a comment","endpoint_ids":["endpoint-id-1","endpoint-id-2"],"parameters":{}}'
Request examples
{
  "agent_type": "endpoint",
  "alert_ids": [
    "string"
  ],
  "case_ids": [
    "case-id-1",
    "case-id-2"
  ],
  "comment": "This is a comment",
  "endpoint_ids": [
    "endpoint-id-1",
    "endpoint-id-2"
  ],
  "parameters": {}
}
Response examples (200)
{}
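
Added example (not part of the Kibana documentation): a Python helper that checks a request body against the constraints listed under Body and builds the POST against /api/endpoint/action/isolate directly, so response automation does not depend on the HTTP client re-sending the body across the 308 redirect. The function names and the `authorization` argument (the full header value, as in the curl example) are assumptions of this example; the request is built but not sent.

```python
import json
import urllib.request

# Values the page lists for agent_type.
AGENT_TYPES = {"endpoint", "sentinel_one", "crowdstrike", "microsoft_defender_endpoint"}
# Replacement route named in the page's 308 redirect note.
ISOLATE_PATH = "/api/endpoint/action/isolate"


def _nonempty_strings(name, values, required=False):
    """Enforce 'at least 1 element, minimum length of each is 1'."""
    if values is None:
        if required:
            raise ValueError(f"{name} is required")
        return None
    if not isinstance(values, (list, tuple)):
        raise ValueError(f"{name} must be an array of strings")
    if not values:
        raise ValueError(f"{name} needs at least 1 element")
    for v in values:
        if not isinstance(v, str) or not v:
            raise ValueError(f"{name} cannot contain empty or non-string items")
    return list(values)


def build_isolate_body(endpoint_ids, agent_type="endpoint", alert_ids=None,
                       case_ids=None, comment=None, parameters=None):
    """Return the JSON body as a dict, validated against the documented schema."""
    if agent_type not in AGENT_TYPES:
        raise ValueError(f"unsupported agent_type: {agent_type!r}")
    body = {"agent_type": agent_type,
            "endpoint_ids": _nonempty_strings("endpoint_ids", endpoint_ids, required=True)}
    for name, values in (("alert_ids", alert_ids), ("case_ids", case_ids)):
        checked = _nonempty_strings(name, values)
        if checked is not None:
            body[name] = checked
    if comment is not None:
        body["comment"] = comment
    if parameters is not None:
        body["parameters"] = parameters
    return body


def build_isolate_request(kibana_url, authorization, **fields):
    """Build (but do not send) a POST to the non-deprecated isolate route."""
    data = json.dumps(build_isolate_body(**fields)).encode("utf-8")
    return urllib.request.Request(
        kibana_url.rstrip("/") + ISOLATE_PATH, data=data, method="POST",
        headers={"Authorization": authorization, "Content-Type": "application/json"})
```

Pass the returned object to `urllib.request.urlopen` to send it; a `ValueError` raised before that point means the body would not satisfy the documented constraints.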