Get processesedit

Get processes on a host running Elastic Defend.

You must have the superuser role and at least an Enterprise license to perform this action.

Request URLedit

POST <kibana host>:<port>/api/endpoint/action/running_procs

Request bodyedit

A JSON object with these fields:

Name Type Description Required

endpoint_ids

Array (String)

The IDs of endpoints where you want to issue this action.

Yes

alert_ids

Array (String)

If this action is associated with any alerts, they can be specified here. The action will be logged in any cases associated with the specified alerts.

No

case_ids

Array (String)

The IDs of cases where the action taken will be logged.

No

comment

String

Attach a comment to this action’s log. The comment text will appear in associated cases.

No

Example requestsedit

Get processes on a host with an endpoint_id value of ed518850-681a-4d60-bb98-e22640cae2a8:

POST /api/endpoint/action/running_procs
{
  "endpoint_ids": ["ed518850-681a-4d60-bb98-e22640cae2a8"]
}

Response codeedit

200
Indicates a successful call.
403
Indicates insufficient user role (must be superuser), or unsupported license level (minimum Enterprise license required).
500
General error. A response message will provide additional details.

Response payloadedit

A JSON object with an id that refers to the submitted action.

Example responseedit

{
  "data": {
    "id": "233db9ea-6733-4849-9226-5a7039c7161d",
    "agents": ["ed518850-681a-4d60-bb98-e22640cae2a8"],
    "command": "running-processes",
    "isExpired": false,
    "isCompleted": true,
    "wasSuccessful": true,
    "errors": [],
    "startedAt": "2022-07-29T19:08:49.126Z",
    "completedAt": "2022-07-29T19:09:44.961Z",
    "outputs": {
      "ed518850-681a-4d60-bb98-e22640cae2a8": {
        "type": "json",
        "content": {
          "key": "value"
        }
      }
    },
    "createdBy": "myuser",
    "comment": "",
    "parameters": {}
  }
}