REST API Response
Enable the user to block or unblock an executable and kill running processes:
HTTP request:
POST api/v1/executables/{id}/block |
POST api/v1/executables/{id}/unblock |
URL query:
$idType |
if $idType=sha1 {id} in URL is interpreted as sha1 of a module |
Request header: Authorization token
Request body: JSON object with the following properties:
clean |
when set to true, running processes will be killed, and module moved to the quarantine |
note |
enable to add a note |
These properties are effective only when blocking.
POST - Updates machine’s state
HTTP request:
POST api/v1/machines/{computerId}/isolate |
isolates the computer from the network |
POST api/v1/machines/{computerId}/integrate |
reconnect the computer to the network |
URL query:
$idType |
if $idType=uuid {id} in URL is interpreted as uuid of a rule |
Request: none
Response: none
POST - Updates machine’s state
HTTP request:
POST api/v1/machines/{processId}/kill |
kills the specific process if available |
Request: none
Response: none