Scan a file or directory

POST /api/endpoint/action/scan

Api key auth Basic auth

Spaces method and path for this operation:

post /s/{space_id}/api/endpoint/action/scan

Refer to Spaces for more information.

Scan a specific file or directory on an endpoint for malware.

application/json

Body Required

agent_type string

List of agent types to retrieve. Defaults to endpoint.

Values are endpoint, sentinel_one, crowdstrike, or microsoft_defender_endpoint.
alert_ids array[string(nonempty)]

A list of alerts ids.

At least 1 element. Minimum length of each is 1.
case_ids array[string]

Case IDs to be updated (cannot contain empty strings)

At least 1 element. Minimum length of each is 1.
comment string

Optional comment
endpoint_ids array[string] Required

List of endpoint IDs (cannot contain empty strings)

At least 1 element. Minimum length of each is 1.
parameters object Required

Optional parameters object
Hide parameters attribute Show parameters attribute object
- path string Required
  
  The folder or file’s full path (including the file name).

Responses

200 application/json

OK

POST /api/endpoint/action/scan

curl \
 --request POST 'https://localhost:5601/api/endpoint/action/scan' \
 --header "Authorization: $API_KEY" \
 --header "Content-Type: application/json" \
 --data '{"comment":"Scan the file for malware","parameters":{"path":"/usr/my-file.txt"},"endpoint_ids":["ed518850-681a-4d60-bb98-e22640cae2a8"]}'