killProcess

You can use this method to initiate a task that terminates a running process on a managed endpoint.

API URL: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/investigation.

Important

This method requires:
- A license that includes the EDR and Remote Shell features.
- Advanced Investigation and Manage Networks rights.
As an alternative to using this method, you can initiate a process termination task directly from GravityZone Control Center. In the Endpoint incident Graph tab, select the Process node to open its details panel, then click Kill under Remediation > Fix & Remediate in the side panel.

Parameters

Parameter	Description	Included in request	Type	Value requirements
`targetId`	The ID of the managed endpoint where the target process is running.	Mandatory	String	Must be the valid ID of an endpoint in your network that is protected by BEST. The string should contain exactly 24 hexadecimal characters.
`processId`	The unique process identifier (PID) of the process to terminate.	Mandatory if `path` is not provided Optional if `path` is provided	Integer	Must be non-negative. If `path` is set, this parameter must correspond to the PID of the process whose executable path matches the value of `path`.
`path`	The file system path of the process to kill.	Mandatory if `processId` is not provided Optional if `processId` is provided	String	Must be a valid file system path. If `processId` is set, this parameter must correspond to the executable path of the process whose PID matches the value of `processId`.

Parameter

Description

Included in request

Type

Value requirements

targetId

The ID of the managed endpoint where the target process is running.

Mandatory

String

Must be the valid ID of an endpoint in your network that is protected by BEST.

The string should contain exactly 24 hexadecimal characters.

processId

The unique process identifier (PID) of the process to terminate.

Mandatory if path is not provided

Optional if path is provided

Integer

Must be non-negative.

If path is set, this parameter must correspond to the PID of the process whose executable path matches the value of path.

path

The file system path of the process to kill.

Mandatory if processId is not provided

Optional if processId is provided

String

Must be a valid file system path.

If processId is set, this parameter must correspond to the executable path of the process whose PID matches the value of processId.

General parameters

These are common parameters, available across all public API methods:

Parameter	Description	Included in request	Type	Value requirements
`id`	This parameter adds an identifier to the request, linking it to its corresponding response. The target replies with the same value in the response, allowing easy call tracking.	Mandatory	String	No additional requirements. Example "id": "ad12cb61-52b3-4209-a87a-93a8530d91cb"
`method`	The name of the method you are using to send the request.	Mandatory	String	Must be a valid method name. Example "method": "methodName"
`jsonrpc`	The version of JSON-RPC used by the request and the response.	Mandatory	String	The only possible value is `2.0`. Example "jsonrpc": "2.0"
`params`	An object containing the configuration of the request.	Mandatory	Object	No additional requirements. Example "params": {...}

Return value

Attribute	Type	Description
`result`	String	The identifier of the initiated Kill process task. Tip You can view the generated task in GravityZone Control Center, in the Network > Tasks section.

Example

Request:

{
    "jsonrpc": "2.0",
    "method": "killProcess",
    "id": "7d2864e9-c67b-48a2-9ba3-0a11d47e83c8",
    "params": {
        "targetId": "66a0fe708d3a52774522b442",
        "processId": 12228
    }
}

Response:

{
    "id": "7d2864e9-c67b-48a2-9ba3-0a11d47e83c8",
    "jsonrpc": "2.0",
    "result": "6560a95884f89d6eca0b61b1"
}

In this section: