Get a file

POST /api/endpoint/action/get_file

Api key auth

Get a file from an endpoint.

application/json

Body Required

agent_type string

List of agent types to retrieve. Defaults to endpoint.

Values are endpoint, sentinel_one, crowdstrike, or microsoft_defender_endpoint.
alert_ids array[string(nonempty)]

A list of alerts ids.

At least 1 element. Minimum length of each is 1.
case_ids array[string]

Case IDs to be updated (cannot contain empty strings)

At least 1 element. Minimum length of each is 1.
comment string

Optional comment
endpoint_ids array[string] Required

List of endpoint IDs (cannot contain empty strings)

At least 1 element. Minimum length of each is 1.
parameters object Required

Optional parameters object
Hide parameters attribute Show parameters attribute object
- path string Required

Responses

200 application/json

OK

POST /api/endpoint/action/get_file

curl \ --request POST 'https://<KIBANA_URL>/api/endpoint/action/get_file' \ --header "Authorization: $API_KEY" \ --header "Content-Type: application/json" \ --data '{"comment":"Get my file","parameters":{"path":"/usr/my-file.txt"},"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}'

Request example

{ "comment": "Get my file", "parameters": { "path": "/usr/my-file.txt" }, "endpoint_ids": [ "ed518850-681a-4d60-bb98-e22640cae2a8" ] }

Response examples (200)

{ "data": { "id": "27ba1b42-7cc6-4e53-86ce-675c876092b2", "hosts": { "ed518850-681a-4d60-bb98-e22640cae2a8": { "name": "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r" } }, "agents": [ "ed518850-681a-4d60-bb98-e22640cae2a8" ], "status": "pending", "command": "get-file", "outputs": {}, "agentType": "endpoint", "createdBy": "myuser", "isExpired": false, "startedAt": "2023-07-28T19:00:03.911Z", "agentState": { "ed518850-681a-4d60-bb98-e22640cae2a8": { "isCompleted": false, "wasSuccessful": false } }, "parameters": { "path": "/usr/my-file.txt" }, "isCompleted": false, "wasSuccessful": false } }