Run Command - Blink Documentation

Run an Active Response command on all agents or a list of them.

External DocumentationTo learn more, visit the Wazuh Server documentation.

Basic Parameters

Parameter	Description
Agent IDs	A comma-separated list, without any whitespace before or after the commas, of agent IDs. All agents are selected by default.
Arguments	A comma-separated list, without any whitespace before or after the commas, of command arguments.
Command	The command running in the agent. Note: If this value starts with `!`, then it refers to a script name instead of a command name.
Pretty	Select to show results in human-readable format.
Wait For Complete	Select to disable timeout response.

Advanced Parameters

Parameter	Description
Alert Data	Alert data depending on the active response command executed.

Example Output

{
	"data": {
		"affected_items": [
			"001",
			"002"
		],
		"total_affected_items": 2,
		"total_failed_items": 0,
		"failed_items": []
	},
	"message": "AR command was sent to all agents",
	"error": 0
}

Workflow Library Example

Run Command with Wazuh Server and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example