List response actions
Retrieves a list of response actions.
Request URL
GET <kibana host>:<port>/api/action
URL query parameters
All parameters are optional:
| Name | Type | Description | Default |
|---|---|---|---|
| | number | The page of results to retrieve. | 1 |
| | number | Size of results per page. 1 to 10000. | 10 |
| | string[] | A list of response action command names. Accepted values are: | |
| | string[] | A list of agent IDs. Max of 50. | |
| | string[] | A list of user IDs. | |
| | string | A start date in ISO format or Date Math format. | |
| | string | An end date in ISO format or Date Math format. | |
| | string or string[] | List of agent types to retrieve. Accepted values are: | |
| | string or string[] | A list of action IDs that should include the complete output of the action. | |
| | string or string[] | A list of action types. Valid values are: | |
Example requests
List actions:
GET /api/endpoint/action
Lists isolate or kill-process command actions in the last 24 hours for two specific agent IDs:
GET /api/endpoint/action?agentIds=a123&agentIds=b456&commands=isolate&commands=kill-process&startDate=now-24h/h
Response code
200 - Indicates a successful call.
Example response
{
  "page": 1,
  "pageSize": 10,
  "total": 4,
  "startDate": "now-24h/h",
  "endDate": "now",
  "elasticAgentIds": [
    "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
  ],
  "data": [
    {
      "id": "b3d6de74-36b0-4fa8-be46-c375bf1771bf",
      "agents": [
        "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
      ],
      "command": "running-processes",
      "agentType": "endpoint",
      "startedAt": "2022-08-08T15:24:57.402Z",
      "isCompleted": true,
      "completedAt": "2022-08-08T09:50:47.672Z",
      "wasSuccessful": true,
      "isExpired": false,
      "createdBy": "elastic"
    },
    {
      "id": "43b4098b-8752-4fbb-a7a7-6df7c74d0ee3",
      "agents": [
        "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
      ],
      "command": "isolate",
      "agentType": "endpoint",
      "startedAt": "2022-08-08T15:23:37.359Z",
      "isCompleted": true,
      "completedAt": "2022-08-08T10:41:57.352Z",
      "wasSuccessful": true,
      "isExpired": false,
      "createdBy": "elastic"
    },
    {
      "id": "5bc92c86-b8e6-42dd-837f-12ad29e09caa",
      "agents": [
        "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
      ],
      "command": "kill-process",
      "agentType": "endpoint",
      "startedAt": "2022-08-08T14:38:44.125Z",
      "isCompleted": true,
      "completedAt": "2022-08-08T09:44:50.952Z",
      "wasSuccessful": true,
      "isExpired": false,
      "createdBy": "elastic",
      "comment": "bad process - taking up too much cpu"
    },
    {
      "id": "790d54e0-3aa3-4e5b-8255-3ce9d851246a",
      "agents": [
        "afdc366c-e2e0-4cdb-ae1d-94575bd2d8e0"
      ],
      "command": "unisolate",
      "agentType": "endpoint",
      "startedAt": "2022-08-08T14:38:15.391Z",
      "isCompleted": true,
      "completedAt": "2022-08-08T09:40:47.398Z",
      "wasSuccessful": true,
      "isExpired": false,
      "createdBy": "elastic",
      "comment": "Not a threat to the network"
    }
  ]
}
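The following is an added example, not code from this documentation or from Elastic: it builds the filtered request path from the example above while enforcing the limits in the parameter table, then audits a response for who issued host-changing commands and which actions expired or did not complete successfully. Assumptions: the `page` and `pageSize` query names are taken from the response fields, and the sample response (`act-1`, `act-2`, `analyst1`) is constructed.

```python
import math
from collections import Counter
from urllib.parse import urlencode

MAX_AGENT_IDS = 50      # limit from the parameter table
MAX_PAGE_SIZE = 10000   # limit from the parameter table

def build_path(agent_ids=(), commands=(), start_date=None, page=1, page_size=10):
    """Build the request path, rejecting values outside the documented limits."""
    if len(agent_ids) > MAX_AGENT_IDS:
        raise ValueError("at most 50 agent IDs per request")
    if not 1 <= page_size <= MAX_PAGE_SIZE:
        raise ValueError("page size must be between 1 and 10000")
    params = [("agentIds", a) for a in agent_ids]
    params += [("commands", c) for c in commands]
    if start_date:
        params.append(("startDate", start_date))
    # Assumption: the paging query names mirror the response fields.
    params += [("page", page), ("pageSize", page_size)]
    return "/api/endpoint/action?" + urlencode(params, safe="/")

def pages_needed(response):
    """Number of pages to fetch so that no action is missed."""
    return max(1, math.ceil(response["total"] / response["pageSize"]))

def audit(response, watch=("isolate", "unisolate", "kill-process")):
    """Count watched commands per user; list action IDs that need follow-up."""
    per_user, follow_up = Counter(), []
    for action in response["data"]:
        if action["command"] in watch:
            per_user[(action["createdBy"], action["command"])] += 1
        done_ok = action["isCompleted"] and action.get("wasSuccessful", False)
        if action["isExpired"] or not done_ok:
            follow_up.append(action["id"])
    return per_user, follow_up

# Constructed sample response (shape follows the example response on this page).
SAMPLE = {
    "page": 1, "pageSize": 2, "total": 3,
    "data": [
        {"id": "act-1", "command": "isolate", "createdBy": "elastic",
         "isCompleted": True, "wasSuccessful": True, "isExpired": False},
        {"id": "act-2", "command": "kill-process", "createdBy": "analyst1",
         "isCompleted": False, "wasSuccessful": False, "isExpired": True},
    ],
}

if __name__ == "__main__":
    print(build_path(["a123", "b456"], ["isolate", "kill-process"], "now-24h/h"))
    print(pages_needed(SAMPLE), audit(SAMPLE))
```
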
For the Fleet APIs, see the Fleet API Documentation.