Upload file to host
editUpload file to host
editUpload a file to a host running Elastic Defend.
You must have the File Operations
Kibana privilege in the Security feature as part of your role and at least an Enterprise license to perform this action.
Request URL
editPOST <kibana host>:<port>/api/endpoint/action/upload
The request must include the Content-Type: multipart/form-data
HTTP header.
Request body
editA multipart/form-data
with the following:
Name | Type | Description | Required |
---|---|---|---|
|
Array (String) |
The IDs of endpoints where you want to issue this action. |
Yes |
|
String |
The type of Agent that the host is running with. Accepted values are:
|
No |
|
Array (String) |
If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts. |
No |
|
Array (String) |
The IDs of cases where the action taken will be logged. |
No |
|
String |
Attach a comment to this action’s log. The comment text will appear in associated cases. |
No |
|
Boolean |
Overwrite the file on the host if it already exists. |
No |
|
Stream |
The file content to be uploaded. |
Yes |
Example requests
editUpload a file named fix-malware.sh
to a host with an endpoint_id
value of ed518850-681a-4d60-bb98-e22640cae2a8
. It assumes that the file is located in the same directory where the command is being entered:
curl -X POST "api/endpoint/action/upload" \ -H 'kbn-xsrf: true' \ -H 'Content-Type: multipart/form-data' \ -F 'endpoint_ids: ["ed518850-681a-4d60-bb98-e22640cae2a8"]' \ -F "[email protected]"
Response code
edit-
200
- Indicates a successful call.
-
403
- Indicates insufficient privileges, or unsupported license level (minimum Enterprise license required).
Response payload
editA JSON object with the details of the response action created.
Example response
edit{ "data": { "id": "9ff6aebc-2cb6-481e-8869-9b30036c9731", "agents": [ "ed518850-681a-4d60-bb98-e22640cae2a8" ], "hosts": { "ed518850-681a-4d60-bb98-e22640cae2a8": { "name": "Host-5i6cuc8kdv" } }, "command": "upload", "agentType": "endpoint", "startedAt": "2023-07-03T15:07:22.837Z", "isCompleted": false, "wasSuccessful": false, "isExpired": false, "status": "pending", "outputs": {}, "agentState": { "ed518850-681a-4d60-bb98-e22640cae2a8": { "isCompleted": false, "wasSuccessful": false } }, "createdBy": "elastic", "parameters": { "file_name": "fix-malware.sh", "file_id": "10e4ce3d-4abb-4f93-a0cd-eaf63a489280", "file_sha256": "a0bed94220193ba4895c0aa5b4e7e293381d15765cb164ddf7be5cdd010ae42a", "file_size": 69 } } }