Scan a file or directory
Scan a specific file or directory on an endpoint for malware.
Body
Required
-
agent_type
string List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one, orcrowdstrike. -
alert_ids
array[string(nonempty)] A list of alerts
ids.At least
1element. Minimum length of each is1. -
case_ids
array[string] Case IDs to be updated (cannot contain empty strings)
At least
1element. Minimum length of each is1. -
comment
string Optional comment
-
endpoint_ids
array[string] Required List of endpoint IDs (cannot contain empty strings)
At least
1element. Minimum length of each is1. -
parameters
object Required Optional parameters object
Additional properties are allowed.
POST
/api/endpoint/action/scan
curl \
--request POST https://localhost:5601/api/endpoint/action/scan \
--header "Authorization: $API_KEY" \
--header "Content-Type: application/json; Elastic-Api-Version=2023-10-31"
Request example
{
"comment": "Scan the file for malware",
"parameters": {
"path": "/usr/my-file.txt"
},
"endpoint_ids": [
"ed518850-681a-4d60-bb98-e22640cae2a8"
]
}
Response examples (200)
{
"data": {
"id": "27ba1b42-7cc6-4e53-86ce-675c876092b2",
"hosts": {
"ed518850-681a-4d60-bb98-e22640cae2a8": {
"name": "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"
}
},
"agents": [
"ed518850-681a-4d60-bb98-e22640cae2a8"
],
"status": "pending",
"command": "scan",
"outputs": {},
"agentType": "endpoint",
"createdBy": "myuser",
"isExpired": false,
"startedAt": "2023-07-28T19:00:03.911Z",
"agentState": {
"ed518850-681a-4d60-bb98-e22640cae2a8": {
"isCompleted": false,
"wasSuccessful": false
}
},
"parameters": {
"path": "/usr/my-file.txt"
},
"isCompleted": false,
"wasSuccessful": false
}
}