REST API Response
Enable blocking/unblocking an executable and killing running processes:
HTTP request:
POST api/v1/executables/{id}/block |
POST api/v1/executables/{id}/unblock |
URL query:
$idType |
if $idType=sha1 {id} in URL is interpreted as sha1 of a module |
Request header: Authorization token
Request body: JSON object with the following properties:
clean |
When set to true, running processes will be killed, and the module moved to quarantine |
note |
Enable to add notes |
These properties are only effective when blocking.
POST—Updates machine’s state
HTTP request:
POST api/v1/machines/{computerId}/isolate |
Isolates the computer from the network |
POST api/v1/machines/{computerId}/integrate |
Reconnect the computer to the network |
URL query:
$idType |
if $idType=uuid {id} in URL is interpreted as a rule's uuid |
Request: None
Response: None
POST—Updates machine’s state
HTTP request:
POST api/v1/machines/{processId}/kill |
Kills the specific process, if available |
Request: None
Response: None