REST API Response

Allows the user to block or unblock an executable and kill running processes

 

HTTP request:

POST api/v1/executables/{id}/block

POST api/v1/executables/{id}/unblock

URL query:

$idType—if $idType=sha1 {id} in URL is interpreted as sha1 of a module

Request header: Authorization token

Request body: JSON object with the following properties:

clean—when set to true, running processes will be killed, and module moved to the quarantine

note—allows to add a note

These properties are effective only when blocking.

 

POST – Updates machine’s state

 

HTTP request:

POST  api/v1/machines/{computerId}/isolate—isolates the computer from the network

POST api/v1/machines/{computerId}/integrate—reconnect the computer to the network

URL query:

$idType—if $idType=uuid {id} in URL is interpreted as uuid of a rule

Request: none

Response: none

 

POST – Updates machine’s state

 

HTTP request: POST api/v1/machines/{processId}/kill—kills the specific process if available

Request: none

Response: none