Get action details
Spaces method and path for this operation:
Refer to Spaces for more information.
Get the details of a response action using the action ID.
Responses
-
OK
One of: Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value iskill-process. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isget-file. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The agent id
Hide * attributes Show * attributes object(uuid)
-
Hide content attributes Show content attributes object
-
The server relative URI to download the file associated with the output of the response action. URI does not include the space prefix
-
-
Values are
jsonortext.
-
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isexecute. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The agent id
Hide * attributes Show * attributes object(uuid)
-
Hide content attributes Show content attributes object
-
The server relative URI to download the file associated with the output of the response action. URI does not include the space prefix
-
-
Values are
jsonortext.
-
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isrunscript. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isupload. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters for upload returned on the details are derived via the API from the file that was uploaded at the time that the response action was submitted
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isscan. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value iscancel. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value issuspend-process. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
Hide attributes Show attributes
-
The agent IDs for the hosts that the response action was sent to
-
The state of the response action for each agent ID that it was sent to
Hide agentState attribute Show agentState attribute object
-
List of agent types to retrieve. Defaults to
endpoint.Values are
endpoint,sentinel_one,crowdstrike, ormicrosoft_defender_endpoint. -
The command for the response action
Minimum length is
1. Value isrunning-processes. -
The response action completion time
-
The user who created the response action
-
An object containing the host names associated with the agent IDs the response action was sent to
-
The response action ID
-
Whether the response action is complete
-
Whether the response action is expired
-
The outputs of the response action for each agent ID that it was sent to. Content different depending on the response action command and will only be present for agents that have responded to the response action
Hide outputs attribute Show outputs attribute object
-
The parameters of the response action. Content different depending on the response action command
-
The response action start time
-
The response action status
-
Whether the response action was successful
-
curl \ --request GET 'https://localhost:5601/api/endpoint/action/fr518850-681a-4y60-aa98-e22640cae2b8' \ --header "Authorization: $API_KEY"