Release an isolated endpoint Deprecated

POST /api/endpoint/unisolate

Release an isolated endpoint, allowing it to rejoin a network.

This URL will return a 308 permanent redirect to POST <kibana host>:<port>/api/endpoint/action/unisolate.

application/json; Elastic-Api-Version=2023-10-31

Body Required

  • Values are endpoint, sentinel_one, or crowdstrike.

  • alert_ids array[string]

    A string that is not empty and does not contain only whitespace

    At least 1 element. Minimum length of each is 1. Format of each should match the following pattern: ^(?! *$).+$.

  • case_ids array[string]

    Case IDs to be updated (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • comment string

    Optional comment

  • endpoint_ids array[string] Required

    List of endpoint IDs (cannot contain empty strings)

    At least 1 element. Minimum length of each is 1.

  • Optional parameters object

    Additional properties are allowed.

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

    Additional properties are allowed.

  • Permanent Redirect

    Hide headers attribute Show headers attribute
    • Location string

      Permanently redirects to "/api/endpoint/action/unisolate"

POST /api/endpoint/unisolate
curl \
 -X POST https://localhost:5601/api/endpoint/unisolate \
 -H "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request examples
{
  "agent_type": "endpoint",
  "alert_ids": [
    "string"
  ],
  "case_ids": [
    "string"
  ],
  "comment": "string",
  "endpoint_ids": [
    "string"
  ],
  "parameters": {}
}
Response examples (200)
{}