Isolate/Unisolate Endpoint - Endpoint not found

Question

Isolate/Unisolate Endpoint - Endpoint not found

lawiet47 opened this issue 2 years ago · comments

During the invocation of the endpoints_api.isolate_endpoints or endpoints.api.unisolate_endpoints the client returns b'{"reply": {"err_code": 500, "err_msg": "An error occurred while processing XDR public API - No endpoint was found for creating the requested action", "err_extra": "can\'t create group action id for ISOLATE"}}' even though provided endpoint_list is selected directly from the Cortex XDR dashboard``

Python 3.9
API Version 1.7.2

n1ls · Answer 1 · Tue Aug 30 2022 18:26:12 GMT+0800 (China Standard Time)

Same thing when submitting the request for just one endpoint with {'request_data': {'endpoint_id': 'EXISTING_ENDPOINT_ID'}}

Eloi Barti · Answer 2 · Wed Aug 31 2022 01:05:13 GMT+0800 (China Standard Time)

Hey @lawiet47 are you sure of this? Makew sure you are isolating with the ID, not the Endpoint Name (as their API docs WRONGLY suggest)

n1ls · Answer 3 · Wed Aug 31 2022 01:06:43 GMT+0800 (China Standard Time)

It's the endpoint_id in the md5 hash format, obtained from the cortex dashboard

Eloi Barti · Answer 4 · Mon Sep 05 2022 01:10:08 GMT+0800 (China Standard Time)

I cannot reproduce the issue

n1ls · Answer 5 · Wed Sep 07 2022 15:10:52 GMT+0800 (China Standard Time)

Can you please share the command that you execute? I'm still getting the same error

n1ls · Answer 6 · Mon Sep 12 2022 16:56:51 GMT+0800 (China Standard Time)

I'm gonna go ahead and close this issue as this is expected for the endpoint to have the opposite state when performing either the isolate or unisolate.