Execute a command on a host
Execute a command on a host running Elastic Defend.
You must have the Execute Operations Kibana privilege in the Security feature as part of your role and at least an Enterprise license to perform this action.
Request URL
POST <kibana host>:<port>/api/endpoint/action/execute
Request body
A JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
endpoint_ids | Array (String) | The IDs of endpoints where you want to issue this action. | Yes |
alert_ids | Array (String) | If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. | No |
case_ids | Array (String) | The IDs of cases where the action taken will be logged. | No |
comment | String | Attach a comment to this action's log. The comment text will appear in associated cases. | No |
parameters.command | String | A shell command to run on the host. The command must be supported by | Yes |
parameters.timeout | Integer | The duration, in seconds, that the host waits for the command to complete. If no timeout is specified, it defaults to four hours. | No |
The execute action uploads a text file containing the results of the execution on the endpoint, which is rate-limited. If you are using the endpoint_ids field to task multiple endpoints, you should batch your calls in groups of 10 at a time.
Example requests
Runs the command ls -al on a host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8 with a timeout of 600 seconds and comments Get list of all files:

POST /api/endpoint/action/execute
{
  "endpoint_ids": ["ed518850-681a-4d60-bb98-e22640cae2a8"],
  "parameters": {
    "command": "ls -al",
    "timeout": 600
  },
  "comment": "Get list of all files"
}
Response code
- 200: Indicates a successful call.
- 403: Indicates insufficient privileges, or unsupported license level (minimum Enterprise license required).
Response payload
A JSON object with the details of the response action created.
Example response
{
  "data": {
    "id": "9f934028-2300-4927-b531-b26376793dc4",
    "agents": [
      "ed518850-681a-4d60-bb98-e22640cae2a8"
    ],
    "hosts": {
      "ed518850-681a-4d60-bb98-e22640cae2a8": {
        "name": "gke-endpoint-gke-clu-endpoint-node-po-e1a3ab89-4c4r"
      }
    },
    "command": "execute",
    "startedAt": "2023-07-28T18:43:27.362Z",
    "isCompleted": false,
    "wasSuccessful": false,
    "isExpired": false,
    "status": "pending",
    "outputs": {},
    "agentState": {
      "ed518850-681a-4d60-bb98-e22640cae2a8": {
        "isCompleted": false,
        "wasSuccessful": false
      }
    },
    "createdBy": "myuser",
    "comment": "Get list of all files",
    "parameters": {
      "command": "ls -al",
      "timeout": 600
    }
  }
}
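
The batching guidance in the request body section, as an added Python example (not Elastic's code): it splits a list of endpoint IDs into groups of 10, builds one POST request per group without sending it, and reads per-agent completion from a response payload like the one above. The function names, the ApiKey authorization header and the kbn-xsrf header are assumptions about the deployment that this page does not state.

```python
import json
import urllib.request

BATCH_SIZE = 10  # page guidance: task endpoints in groups of 10 per call
EXECUTE_PATH = "/api/endpoint/action/execute"


def build_execute_requests(kibana_url, api_key, endpoint_ids, command,
                           timeout=None, comment=None):
    """Build (but do not send) one POST request per batch of up to 10 endpoints."""
    if not command or not command.strip():
        raise ValueError("parameters.command is required")
    if timeout is not None and (not isinstance(timeout, int) or timeout <= 0):
        raise ValueError("parameters.timeout must be a positive integer (seconds)")
    ids = list(dict.fromkeys(endpoint_ids))  # drop duplicates, keep order
    if not ids:
        raise ValueError("endpoint_ids is required")
    parameters = {"command": command}
    if timeout is not None:
        parameters["timeout"] = timeout
    requests = []
    for start in range(0, len(ids), BATCH_SIZE):
        body = {"endpoint_ids": ids[start:start + BATCH_SIZE], "parameters": parameters}
        if comment:
            body["comment"] = comment
        requests.append(urllib.request.Request(
            kibana_url.rstrip("/") + EXECUTE_PATH,
            data=json.dumps(body).encode(),
            method="POST",
            headers={  # assumed: API-key auth and Kibana's kbn-xsrf header
                "Content-Type": "application/json",
                "kbn-xsrf": "true",
                "Authorization": "ApiKey " + api_key,
            },
        ))
    return requests


def pending_agents(response):
    """List agent IDs in a response payload whose action has not completed."""
    state = response["data"]["agentState"]
    return [agent for agent, s in state.items() if not s["isCompleted"]]


if __name__ == "__main__":
    # Constructed sample: 23 placeholder endpoint IDs, placeholder host and key.
    sample_ids = [f"endpoint-{n:02d}" for n in range(23)]
    for req in build_execute_requests("https://kibana.example:5601",
                                      "PLACEHOLDER_KEY", sample_ids, "ls -al", 600):
        print(req.get_method(), req.full_url, len(json.loads(req.data)["endpoint_ids"]))
```

Pass each request to urllib.request.urlopen one at a time and check pending_agents on the parsed response before sending the next batch.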