Release an isolated hostedit

Removes a host’s isolation status and allows it to rejoin a network.

You must have the superuser role to perform this action. It is available to all license levels.

Request URLedit

POST <kibana host>:<port>/api/endpoint/unisolate

Request bodyedit

A JSON object with these fields:

Name Type Description Required

endpoint_ids

Array (String)

The IDs of each endpoint you want to release.

Yes

alert_ids

Array (String)

If this action is associated with any alerts, they can be specified here. The released event will be logged in cases associated with the specified alerts.

No

case_ids

Array (String)

Logs the action taken on specified cases.

No

comment

String

Attaches a comment to this action’s log. The comment text will appear in associated cases.

No

Example requestsedit

Releases a single host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8:

POST /api/endpoint/unisolate
{
  "endpoint_ids": ["ed518850-681a-4d60-bb98-e22640cae2a8"]
}

Releases several hosts; includes a comment:

POST /api/endpoint/unisolate
{
  "endpoint_ids": [
  	"9972d10e-4b9e-41aa-a534-a85e2a28ea42",
  	"bc0e4f0c-3bca-4633-9fee-156c0b505d16",
  	"fa89271b-b9d4-43f2-a684-307cffddeb5a"
  ],
  "comment": "Benign process identified, releasing group"
}

Releases hosts with an associated case; includes a comment.

POST /api/endpoint/unisolate
{
  "endpoint_ids": [
  	"1aa1f8fd-0fb0-4fe4-8c30-92068272d3f0",
  	"b30a11bf-1395-4707-b508-fbb45ef9793e"
  ],
  "case_ids": ["4976be38-c134-4554-bd5e-0fd89ce63667"]
  "comment": "Remediation complete, restoring network"
}

Response codeedit

200
Indicates a successful call.
403
Indicates insufficient user role (must be superuser).
500
General error. A response message will indicate the failure.

Response payloadedit

A JSON object with an id that refers to the submitted action.

Example responseedit

{
  "action": "233db9ea-6733-4849-9226-5a7039c7161d"
}