REST API Response
Allow the user to block / unblock an executable and kill running processes:
HTTP request:
POST api/v1/executables/{id}/block |
POST api/v1/executables/{id}/unblock |
URL query:
$idType |
if $idType=sha1 {id} in URL is interpreted as sha1 of a module |
Request header: Authorization token
Request body: JSON object with the following properties:
clean |
When set to true, running processes will be killed, and the module moved to the quarantine |
note |
Enable adding a note |
These properties are effective only when blocking.
POST - Updates machine’s state
HTTP request:
POST api/v1/machines/{computerId}/isolate |
Isolate the computer from the network |
POST api/v1/machines/{computerId}/integrate |
Reconnect the computer to the network |
URL query:
$idType |
if $idType=uuid {id} in URL is interpreted as uuid of a rule |
Request: none
Response: none
POST - Updates machine’s state
HTTP request:
POST api/v1/machines/{processId}/kill |
Kills the specific process if available |
Request: none
Response: none