Method: Falcon::RealTimeResponseApi#batch_active_responder_cmd_with_http_info

Defined in:
lib/crimson-falcon/api/real_time_response_api.rb

#batch_active_responder_cmd_with_http_info(body, opts = {}) ⇒ Array<(DomainMultiCommandExecuteResponseWrapper, Integer, Hash)>

Batch executes an RTR active-responder command across the hosts mapped to the given batch ID.

Parameters:

  • body (DomainBatchExecuteCommandRequest)

    Use this endpoint to run these [real time response commands](falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands):

    - `cat`
    - `cd`
    - `clear`
    - `cp`
    - `encrypt`
    - `env`
    - `eventlog`
    - `filehash`
    - `get`
    - `getsid`
    - `help`
    - `history`
    - `ipconfig`
    - `kill`
    - `ls`
    - `map`
    - `memdump`
    - `mkdir`
    - `mount`
    - `mv`
    - `netstat`
    - `ps`
    - `reg query`
    - `reg set`
    - `reg delete`
    - `reg load`
    - `reg unload`
    - `restart`
    - `rm`
    - `runscript`
    - `shutdown`
    - `unmap`
    - `update history`
    - `update install`
    - `update list`
    - `update query`
    - `xmemdump`
    - `zip`

    **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands.

    **`batch_id`** Batch ID to execute the command on. Received from `/real-time-response/combined/batch-init-session/v1`.

    **`command_string`** Full command string for the command. For example `get some_file.txt`

    **`optional_hosts`** List of a subset of hosts we want to run the command on. If this list is supplied, only these hosts will receive the command.

  • opts (Hash) (defaults to: {})

    the optional parameters

Options Hash (opts):

  • :timeout (Integer)

    Timeout for how long to wait for the request in seconds, default timeout is 30 seconds. Maximum is 5 minutes. (default to 30)

  • :timeout_duration (String)

    Timeout duration for how long to wait for the request in duration syntax. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. Maximum is 5 minutes. (default to ‘30s’)

  • :host_timeout_duration (String)

    Timeout duration for how long a host has time to complete processing. Default value is a bit less than the overall timeout value. It cannot be greater than the overall request timeout. Maximum is < 5 minutes. Example, `10s`. Valid units: `ns, us, ms, s, m, h`. (default to ‘tiny bit less than overall request timeout’)

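Returns:

  • (Array<(DomainMultiCommandExecuteResponseWrapper, Integer, Hash)>)

    DomainMultiCommandExecuteResponseWrapper data, response status code and response headers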



# File 'lib/crimson-falcon/api/real_time_response_api.rb', line 58

def batch_active_responder_cmd_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: RealTimeResponseApi.batch_active_responder_cmd ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling RealTimeResponseApi.batch_active_responder_cmd"
  end
  # resource path
  local_var_path = '/real-time-response/combined/batch-active-responder-command/v1'

  # query parameters
  query_params = opts[:query_params] || {}
  query_params[:'timeout'] = opts[:'timeout'] if !opts[:'timeout'].nil?
  query_params[:'timeout_duration'] = opts[:'timeout_duration'] if !opts[:'timeout_duration'].nil?
  query_params[:'host_timeout_duration'] = opts[:'host_timeout_duration'] if !opts[:'host_timeout_duration'].nil?

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DomainMultiCommandExecuteResponseWrapper'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"RealTimeResponseApi.batch_active_responder_cmd",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: RealTimeResponseApi#batch_active_responder_cmd\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end
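
The body fields and timeout limits documented above can be checked locally before a batch command is sent to many hosts at once. The following is an added example, not part of crimson-falcon: `RtrPreflight`, its methods, the `permitted` allowlist and the sample values are assumptions, and the two checks marked "local rule" are policy choices rather than documented API behaviour.

```ruby
# Added example; RtrPreflight and its methods are hypothetical, not crimson-falcon API.
module RtrPreflight
  # Commands this page documents for the batch active-responder endpoint.
  DOCUMENTED = (%w[cat cd clear cp encrypt env eventlog filehash get getsid help history
                   ipconfig kill ls map memdump mkdir mount mv netstat ps restart rm
                   runscript shutdown unmap xmemdump zip] +
                ['reg query', 'reg set', 'reg delete', 'reg load', 'reg unload',
                 'update history', 'update install', 'update list', 'update query']).freeze
  UNIT = { 'ns' => 1e-9, 'us' => 1e-6, 'ms' => 1e-3, 's' => 1, 'm' => 60, 'h' => 3600 }.freeze
  MAX_SECONDS = 300 # "Maximum is 5 minutes"
  SEGMENT = /(\d+(?:\.\d+)?)(ns|us|ms|s|m|h)/

  # Convert duration syntax such as "10s" or "1m30s" to seconds.
  def self.seconds(text)
    unless text.is_a?(String) && text.match?(/\A(?:#{SEGMENT.source})+\z/)
      raise ArgumentError, "invalid duration: #{text.inspect}"
    end
    text.scan(SEGMENT).sum { |num, unit| num.to_f * UNIT[unit] }
  end

  # Returns [body, opts] for the batch call, or raises ArgumentError.
  # `permitted` is the caller's allowlist of base commands (an assumption of this example).
  def self.build(base_command:, batch_id:, command_string:, permitted:,
                 optional_hosts: nil, timeout_duration: '30s', host_timeout_duration: nil)
    raise ArgumentError, 'batch_id is required' if batch_id.to_s.empty?
    raise ArgumentError, "undocumented command: #{base_command}" unless DOCUMENTED.include?(base_command)
    raise ArgumentError, "command not permitted: #{base_command}" unless permitted.include?(base_command)
    # Local rule: the full string must start with the declared base command.
    unless command_string == base_command || command_string.start_with?("#{base_command} ")
      raise ArgumentError, 'command_string does not match base_command'
    end
    overall = seconds(timeout_duration)
    raise ArgumentError, 'timeout_duration exceeds 5 minutes' if overall > MAX_SECONDS
    body = { 'base_command' => base_command, 'batch_id' => batch_id,
             'command_string' => command_string }
    opts = { timeout_duration: timeout_duration }
    unless optional_hosts.nil?
      # Local rule: refuse an empty subset rather than guess how it is treated.
      raise ArgumentError, 'optional_hosts is empty' if optional_hosts.empty?
      body['optional_hosts'] = optional_hosts
    end
    if host_timeout_duration
      host = seconds(host_timeout_duration)
      raise ArgumentError, 'host timeout too long' if host > overall || host >= MAX_SECONDS
      opts[:host_timeout_duration] = host_timeout_duration
    end
    [body, opts]
  end
end
```

The returned pair maps onto the `body` and `opts` arguments described above; a narrow `permitted` list keeps state-changing commands such as `rm`, `kill` or `shutdown` out of automated batch jobs unless they are explicitly enabled.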