Suspend a process

POST /api/endpoint/action/suspend_process

Api key auth

Suspend a running process on an endpoint.

application/json

Body Required

agent_type string

List of agent types to retrieve. Defaults to endpoint.

Values are endpoint, sentinel_one, crowdstrike, or microsoft_defender_endpoint.
alert_ids array[string]

If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts.

At least 1 element. Minimum length of each is 1.
case_ids array[string]

The IDs of cases where the action taken will be logged.

At least 1 element. Minimum length of each is 1.
comment string

Optional comment
endpoint_ids array[string] Required

List of endpoint IDs (cannot contain empty strings)

At least 1 element. Minimum length of each is 1.
parameters object Required
One of:
object-1 object object-2 object
Hide attribute Show attribute

pid integer

The process ID (PID) of the process to suspend.

Minimum value is 1.
Hide attribute Show attribute

entity_id string

The entity ID of the process to suspend.

Minimum length is 1.
parameters object

Optional parameters object

Responses

200 application/json

OK

POST /api/endpoint/action/suspend_process

curl \ --request POST 'https://<KIBANA_URL>/api/endpoint/action/suspend_process' \ --header "Authorization: $API_KEY" \ --header "Content-Type: application/json" \ --data '{"comment":"suspend the process","parameters":{"entity_id":"abc123"},"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}'

Suspend a process

Body Required

parameters object Required

Responses