Release an isolated host
editRelease an isolated host
editRemoves a host’s isolation status and allows it to rejoin a network.
You must have the Host Isolation privilege to perform this action. It is available to all license levels.
Request URL
editPOST <kibana host>:<port>/api/endpoint/action/unisolate
(Deprecated) POST <kibana host>:<port>/api/endpoint/unisolate
- This url will return a 308 permanent redirect to POST <kibana host>:<port>/api/endpoint/action/unisolate
Request body
editA JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
Array (String) |
The IDs of endpoints where you want to issue this action. |
Yes |
|
String |
The type of Agent that the host is running with. Accepted values are:
|
No |
|
Array (String) |
If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. |
No |
|
Array (String) |
The IDs of cases where the action taken will be logged. |
No |
|
String |
Attach a comment to this action’s log. The comment text will appear in associated cases. |
No |
Example requests
editReleases a single host with an endpoint_id
value of ed518850-681a-4d60-bb98-e22640cae2a8
:
POST /api/endpoint/action/unisolate { "endpoint_ids": ["ed518850-681a-4d60-bb98-e22640cae2a8"] }
Releases several hosts; includes a comment:
POST /api/endpoint/action/unisolate { "endpoint_ids": [ "9972d10e-4b9e-41aa-a534-a85e2a28ea42", "bc0e4f0c-3bca-4633-9fee-156c0b505d16", "fa89271b-b9d4-43f2-a684-307cffddeb5a" ], "comment": "Benign process identified, releasing group" }
Releases hosts with an associated case; includes a comment.
POST /api/endpoint/action/unisolate { "endpoint_ids": [ "1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0", "b30a11bf-1395-4707-b508-fbb45ef9793e" ], "case_ids": ["4976be38-c134-4554-bd5e-0fd89ce63667"] "comment": "Remediation complete, restoring network" }
Response code
edit-
200
- Indicates a successful call.
-
403
- Indicates insufficient user privilege (Host Isolation required).
-
500
- General error. A response message will provide additional details.
Response payload
editA JSON object with an id
that refers to the submitted action.
Example response
edit{ "action": "233db9ea-6733-4849-9226-5a7039c7161d", "data": { "id": "233db9ea-6733-4849-9226-5a7039c7161d", "agents": ["ed518850-681a-4d60-bb98-e22640cae2a8"], "command": "suspend-process", "agentType": "endpoint", "isExpired": false, "isCompleted": true, "wasSuccessful": true, "errors": [], "startedAt": "2022-07-29T19:08:49.126Z", "completedAt": "2022-07-29T19:09:44.961Z", "outputs": { "ed518850-681a-4d60-bb98-e22640cae2a8": { "type": "json", "content": { "key": "value" } } }, "createdBy": "myuser", "comment": "suspend the process", "parameters": { "entity_id": "abc123" } } }