Release an isolated host
editRelease an isolated host
editRemoves a host’s isolation status and allows it to rejoin a network.
Console supports Elasticsearch APIs only. Console doesn’t allow interactions with Kibana APIs. You must use curl
or another HTTP tool instead. For more information, refer to Run Elasticsearch API requests.
You must have the superuser
role to perform this action. It is available to all license levels.
Request URL
editPOST <kibana host>:<port>/api/endpoint/unisolate
Request body
editA JSON object with these fields:
Name | Type | Description | Required |
---|---|---|---|
|
Array (String) |
The IDs of each endpoint you want to release. |
Yes |
|
Array (String) |
If this action is associated with any alerts, they can be specified here. The released event will be logged in cases associated with the specified alerts. |
No |
|
Array (String) |
Logs the action taken on specified cases. |
No |
|
String |
Attaches a comment to this action’s log. The comment text will appear in associated cases. |
No |
Example requests
editReleases a single host with an endpoint_id
value of ed518850-681a-4d60-bb98-e22640cae2a8
:
POST /api/endpoint/unisolate { "endpoint_ids": ["ed518850-681a-4d60-bb98-e22640cae2a8"] }
Releases several hosts; includes a comment:
POST /api/endpoint/unisolate { "endpoint_ids": [ "9972d10e-4b9e-41aa-a534-a85e2a28ea42", "bc0e4f0c-3bca-4633-9fee-156c0b505d16", "fa89271b-b9d4-43f2-a684-307cffddeb5a" ], "comment": "Benign process identified, releasing group" }
Releases hosts with an associated case; includes a comment.
POST /api/endpoint/unisolate { "endpoint_ids": [ "1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0", "b30a11bf-1395-4707-b508-fbb45ef9793e" ], "case_ids": ["4976be38-c134-4554-bd5e-0fd89ce63667"] "comment": "Remediation complete, restoring network" }
Response code
edit-
200
- Indicates a successful call.
-
403
-
Indicates insufficient user role (must be
superuser
). -
500
- General error. A response message will indicate the failure.