Get Endpoint
Returns details for specific endpoints. You must select the field and value for filtering the endpoints.
Parameters
| Parameter | Description |
|---|---|
| Endpoint Filter Value | You must select the field via the Filter by parameter before entering its value. If you've chosen the hostname field, you can use the dropdown to insert its value. For other fields, manually enter the value. |
| Filter By | Select the field to filter by. Available fields: endpoint_id_list: List of endpoint IDs.hostname: Host name.group_name: Group name the agent belongs to.dist_name: Distribution / Installation Package name.ip_list: List of IP addresses.public_ip_list: Public IP addresses that correlate to the last IPv4 address from which the XDR agent connected (know as Last Origin IP).alias: Alias name. |
Example Output
{
"reply": {
"total_count": 0,
"result_count": 0,
"endpoints": [
{
"endpoint_id": "string",
"endpoint_name": "string",
"endpointTags": "string",
"endpoint_type": "string",
"endpoint_status": "string",
"os_type": "string",
"os_version": "string",
"ip": [
"string"
],
"ipv6": [
{}
],
"public_ip": "string",
"users": [
"string"
],
"domain": "string",
"alias": "string",
"first_seen": 0,
"last_seen": 0,
"content_version": "string",
"installation_package": "string",
"active_directory": null,
"install_date": 0,
"endpoint_version": "string",
"is_isolated": "string",
"isolated_date": null,
"group_name": [
{}
],
"operational_status": "string",
"operational_status_description": "string",
"scan_status": "string",
"content_release_timestamp": 0,
"last_content_update_time": 0,
"content_status": "string",
"operating_system": "string",
"mac_address": [
"string"
],
"assigned_prevention_policy": "string",
"assigned_extensions_policy": "string"
}
]
}
}
Workflow Library Example
Get Endpoint with Cortex Xdr and Send Results Via Email
Preview this Workflow on desktop