Method: Falcon::RealTimeResponseApi#r_tr_execute_active_responder_command_with_http_info

Defined in:: lib/crimson-falcon/api/real_time_response_api.rb

#r_tr_execute_active_responder_command_with_http_info(body, opts = {}) ⇒ `Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>`

Execute an active responder command on a single host.

Parameters:

body (DomainCommandExecuteRequest) —

Use this endpoint to run these [real time response commands](falcon.crowdstrike.com/support/documentation/11/getting-started-guide#rtr_commands): - `cat` - `cd` - `clear` - `cp` - `encrypt` - `env` - `eventlog` - `filehash` - `get` - `getsid` - `help` - `history` - `ipconfig` - `kill` - `ls` - `map` - `memdump` - `mkdir` - `mount` - `mv` - `netstat` - `ps` - `reg query` - `reg set` - `reg delete` - `reg load` - `reg unload` - `restart` - `rm` - `runscript` - `shutdown` - `unmap` - `update history` - `update install` - `update list` - `update query` - `xmemdump` - `zip` Required values. The rest of the fields are unused. **`base_command`** Active-Responder command type we are going to execute, for example: `get` or `cp`. Refer to the RTR documentation for the full list of commands. **`command_string`** Full command string for the command. For example `get some_file.txt` **`session_id`** RTR session ID to run the command on
opts (Hash) (defaults to: {}) —

the optional parameters

Returns:

(Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>) —

DomainCommandExecuteResponseWrapper data, response status code and response headers

# File 'lib/crimson-falcon/api/real_time_response_api.rb', line 965

def r_tr_execute_active_responder_command_with_http_info(body, opts = {})
  if @api_client.config.debugging
    @api_client.config.logger.debug 'Calling API: RealTimeResponseApi.r_tr_execute_active_responder_command ...'
  end
  # verify the required parameter 'body' is set
  if @api_client.config.client_side_validation && body.nil?
    fail ArgumentError, "Missing the required parameter 'body' when calling RealTimeResponseApi.r_tr_execute_active_responder_command"
  end
  # resource path
  local_var_path = '/real-time-response/entities/active-responder-command/v1'

  # query parameters
  query_params = opts[:query_params] || {}

  # header parameters
  header_params = opts[:header_params] || {}
  # HTTP header 'Accept' (if needed)
  header_params['Accept'] = @api_client.select_header_accept(['application/json'])
  # HTTP header 'Content-Type'
  content_type = @api_client.select_header_content_type(['application/json'])
  if !content_type.nil?
    header_params['Content-Type'] = content_type
  end

  # form parameters
  form_params = opts[:form_params] || {}

  # http body (model)
  post_body = opts[:debug_body] || @api_client.object_to_http_body(body)

  # return_type
  return_type = opts[:debug_return_type] || 'DomainCommandExecuteResponseWrapper'

  # auth_names
  auth_names = opts[:debug_auth_names] || ['oauth2']

  new_options = opts.merge(
    :operation => :"RealTimeResponseApi.r_tr_execute_active_responder_command",
    :header_params => header_params,
    :query_params => query_params,
    :form_params => form_params,
    :body => post_body,
    :auth_names => auth_names,
    :return_type => return_type
  )

  data, status_code, headers = @api_client.call_api(:POST, local_var_path, new_options)
  if @api_client.config.debugging
    @api_client.config.logger.debug "API called: RealTimeResponseApi#r_tr_execute_active_responder_command\nData: #{data.inspect}\nStatus code: #{status_code}\nHeaders: #{headers}"
  end
  return data, status_code, headers
end

Method: Falcon::RealTimeResponseApi#r_tr_execute_active_responder_command_with_http_info

#r_tr_execute_active_responder_command_with_http_info(body, opts = {}) ⇒ Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>

#r_tr_execute_active_responder_command_with_http_info(body, opts = {}) ⇒ `Array<(DomainCommandExecuteResponseWrapper, Integer, Hash)>`