
Terminates the suspicious processes specified, if they are running on the endpoints.

HTTP Request

POST /WebApp/OSCE_iES/OsceIes/ApiEntry

Parameters

Important:

The HTTP request body must contain all required parameters.

| Name | Type | Description |
|---|---|---|
| Required Parameters | | |
| Url | String | Specifies the Endpoint Sensor API request to query |
| TaskType | Integer | Type of API request. For Endpoint Sensor, the value is always 4. For available values, see Threat Investigation API Task Types. |
| Payload | Object | Payload of the request |
| serverGuid | String array | GUID of servers which manage the endpoints specified in agentGuid. If both agentGuid and serverGuid contain an empty array, the termination request targets all agents. |
| agentGuid | Object | GUID of the agent. The value of agentGuid is an object of key-value pairs. The key is the serverGuid, and the value is a list of agentGuid strings of the endpoints managed by the target server. It uses the following format: { serverGuid : [ agentGuid ] }. If both agentGuid and serverGuid contain an empty array, the request targets all agents. |
| suspiciousObjectName | String | File name of the object to terminate |
| terminationInfoList | Object array | Container for terminationInfoList objects |
| terminationInfoList[i].name | Integer | Metadata type of object to terminate. Only the following values are supported: 101: File SHA1 |
| terminationInfoList[i].value | String | Hash value of the object to terminate |
| filter | Object | Container for filter objects |
| filter[i].type | Integer | Sends the termination request only to the endpoints that match the specified filter. Only the following values are supported: 1: Endpoint name (partial string match); 6: Endpoint user name (partial string match); 7: Endpoint type (partial string match); 8: Endpoint IP address (partial string match); 9: Endpoint operating system (partial string match) |
| filter[i].value | String | Value of the filter type. For details, see Threat Investigation API "selectAll" Types and Values. |

HTTP Request Example

POST /WebApp/OSCE_iES/OsceIes/ApiEntry

HTTP Request Body

Specify a JSON object containing the following HTTP request body:

Request body:

{
  "Url": "V1/Task/CreateProcessTermination",
  "TaskType": 4,
  "Payload": {
    "agentGuid": {
      "2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6": [
        "8214F9BA-3200-46F6-A68F-008F901FF09D"
      ]
    },
    "serverGuid": [
      "2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6"
    ],
    "suspiciousObjectName": "pyinstaller.exe",
    "terminationInfoList": [
      {
        "name": 101,
        "value": "2FF40C5ED6E5A3BBC68A10F2966F347463E326AD"
      }
    ]
  }
}
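
As an added example (not part of the original API reference), the following Python helper builds the request body shown above and validates it before it is sent, so that a scripted response action cannot accidentally hit the "empty arrays target all agents" case. The function name, the refusal of an empty target set, the requirement for at least one hash, and emitting filter as a list are assumptions of this sketch, not documented API behavior.

```python
import json
import re

SHA1_RE = re.compile(r"[0-9A-Fa-f]{40}")
FILTER_TYPES = {1, 6, 7, 8, 9}  # filter[i].type values listed in the parameter table
FILE_SHA1 = 101                 # only supported terminationInfoList[i].name value


def build_termination_request(agent_guid, file_name, sha1_list, filters=None):
    """Build the body for V1/Task/CreateProcessTermination.

    agent_guid maps each serverGuid to the agentGuid strings it manages."""
    agent_guid = {srv: list(agents) for srv, agents in agent_guid.items() if agents}
    # Local policy (assumption): never emit the empty form that targets all agents.
    if not agent_guid:
        raise ValueError("empty target set would address all agents")
    bad = [d for d in sha1_list if not SHA1_RE.fullmatch(d)]
    if not sha1_list or bad:
        raise ValueError(f"need valid SHA-1 hex digests, rejected: {bad}")
    filters = list(filters or [])
    if any(ftype not in FILTER_TYPES for ftype, _ in filters):
        raise ValueError("unsupported filter type")
    payload = {
        "agentGuid": agent_guid,
        "serverGuid": list(agent_guid),  # derived, so it always matches the keys
        "suspiciousObjectName": file_name,
        "terminationInfoList": [{"name": FILE_SHA1, "value": d.upper()} for d in sha1_list],
    }
    if filters:
        # Assumption: filter is a list of objects, following the filter[i] notation.
        payload["filter"] = [{"type": t, "value": v} for t, v in filters]
    return {"Url": "V1/Task/CreateProcessTermination", "TaskType": 4, "Payload": payload}


if __name__ == "__main__":
    # GUIDs, file name and hash are the sample values from the request example above.
    body = build_termination_request(
        {"2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6": ["8214F9BA-3200-46F6-A68F-008F901FF09D"]},
        "pyinstaller.exe",
        ["2FF40C5ED6E5A3BBC68A10F2966F347463E326AD"],
    )
    print(json.dumps(body, indent=2))
```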

Response

If successful, this method returns an HTTP status code of "200", result code of "0", and a response body with the following structure:

{
  "Data": {
    "Code": 0,
    "CodeType": 1,
    "Message": "OK",
    "Data": {
      "taskId": "e5d78dee-69d5-402c-9a3e-22a803d46a22",
      "lastContentId": "",
      "hasMore": false,
      "serverName": "SAMPLE_SERVER",
      "serverGuid": "2EBEC86D-3FEB-4666-9CA6-B80AB1E193E6",
      "content": [
        {
          "statusCode": 0,
          "message": "TMSL_S_SUCCESS",
          "content": {
            "processTerminationSummaryGuid": "e5d78dee-69d5-402c-9a3e-22a803d46a22",
            "status": 3,
            "agentGuid": [
              "8214F9BA-3200-46F6-A68F-008F901FF09D"
            ]
          }
        }
      ]
    },
    "TimeZone": 8
  },
  "Meta": {
    "result": 1,
    "errorCode": 0,
    "errorMessgae": "Success"
  },
  "PermissionCtrl": {
    "permission": "255",
    "elements": null
  },
  "FeatureCtrl": {
    "mode": "0"
  },
  "SystemCtrl": {
    "TmcmSoDist_Role": "none"
  }
}

The following table describes the response objects specific to this API.

| Name | Type | Description |
|---|---|---|
| processTerminationSummaryGuid | String | The GUID of the process termination summary |
| status | Integer | The status of the agent. For possible values, see Threat Investigation API Agent Status Values. |
| agentGuid | String array | GUID of the terminated agents |

For more information about standard responses and response codes for this API, see the following topics: