Scan a file or directory

POST /api/endpoint/action/scan

Scan a specific file or directory on an endpoint for malware.

application/json; Elastic-Api-Version=2023-10-31

Body Required

  • agent_type string

    Values are endpoint, sentinel_one, or crowdstrike.

  • alert_ids array[string]

    A string that is not empty and does not contain only whitespace

    At least 1 element. Minimum length of each is 1. Format of each should match the following pattern: ^(?! *$).+$.

  • case_ids array[string]

    Case IDs to be updated (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • comment string

    Optional comment

  • endpoint_ids array[string] Required

    List of endpoint IDs (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • parameters object Required

    Additional properties are allowed.

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

    Additional properties are allowed.

POST /api/endpoint/action/scan
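curl \
 -X POST https://localhost:5601/api/endpoint/action/scan \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31" \
 -H "kbn-xsrf: true" \
 -H "Authorization: ApiKey ${API_KEY}" \
 -d '{"endpoint_ids": ["<endpoint-id>"], "parameters": {"path": "<path-to-scan>"}}'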
Request examples
{
  "agent_type": "endpoint",
  "alert_ids": [
    "string"
  ],
  "case_ids": [
    "string"
  ],
  "comment": "string",
  "endpoint_ids": [
    "string"
  ],
  "parameters": {
    "path": "string"
  }
}
Response examples (200)
{}
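
An added example, not part of the Elastic documentation: a client-side check in Python that applies the body constraints listed above before a scan request is sent. The function name `build_scan_body` is hypothetical, and treating `parameters.path` as a required non-empty string is an assumption drawn from the request example.

```python
import json
import re

AGENT_TYPES = {"endpoint", "sentinel_one", "crowdstrike"}  # values listed on the page
ALERT_ID_RE = re.compile(r"^(?! *$).+$")                    # pattern documented for alert_ids


def _nonempty_strings(name, value):
    """Array rule from the page: at least 1 element, each of minimum length 1."""
    if not isinstance(value, list) or not value:
        raise ValueError(f"{name}: at least 1 element is required")
    for item in value:
        if not isinstance(item, str) or len(item) < 1:
            raise ValueError(f"{name}: every element must be a string of length >= 1")
    return value


def build_scan_body(endpoint_ids, path, agent_type=None, alert_ids=None,
                    case_ids=None, comment=None):
    """Return a validated request body (dict) for POST /api/endpoint/action/scan."""
    body = {"endpoint_ids": _nonempty_strings("endpoint_ids", endpoint_ids)}
    # Assumption: parameters.path must be a non-empty string (the page only shows it
    # in the request example).
    if not isinstance(path, str) or not path:
        raise ValueError("parameters.path: a non-empty string is required")
    body["parameters"] = {"path": path}
    if agent_type is not None:
        if agent_type not in AGENT_TYPES:
            raise ValueError(f"agent_type: must be one of {sorted(AGENT_TYPES)}")
        body["agent_type"] = agent_type
    if alert_ids is not None:
        for item in _nonempty_strings("alert_ids", alert_ids):
            if not ALERT_ID_RE.match(item):
                raise ValueError("alert_ids: element is empty or only spaces")
        body["alert_ids"] = alert_ids
    if case_ids is not None:
        body["case_ids"] = _nonempty_strings("case_ids", case_ids)
    if comment is not None:
        body["comment"] = comment
    return body


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(json.dumps(build_scan_body(["endpoint-id-placeholder"], "/tmp/suspicious",
                                     agent_type="endpoint",
                                     comment="triage scan"), indent=2))
```

The documented `alert_ids` pattern rejects only empty and space-only strings, so a tab-only value still passes it; trim input before calling if stricter handling is wanted.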