startRetrieveInvestigationFileFromEndpoint

You can use this method to retrieve a file from an endpoint within your company and upload it as an archive to a centralized storage location in GravityZone, where it can be downloaded for further analysis.

API URL: CONTROL_CENTER_APIs_ACCESS_URL/v1.0/jsonrpc/investigation.

Important

To use this method, your user account, your company, and the endpoint from which the file will be retrieved must satisfy all Remote Shell session prerequisites, except for the 2FA requirement.

Parameters

| Parameter | Description | Included in request | Type | Value requirements |
|---|---|---|---|---|
| targetId | The unique identifier of the managed endpoint from which the investigation file will be retrieved. | Mandatory | String | The string should be the valid ID of an endpoint within your company. It should contain exactly 24 hexadecimal characters. |
| path | The full path of the file to collect. | Mandatory | String | Must be a valid file path. |

These are common parameters, available across all public API methods:

| Parameter | Description | Included in request | Type | Value requirements |
|---|---|---|---|---|
| id | This parameter adds an identifier to the request, linking it to its corresponding response. The target replies with the same value in the response, allowing easy call tracking. | Mandatory | String | No additional requirements. |
| method | The name of the method you are using to send the request. | Mandatory | String | Must be a valid method name. |
| jsonrpc | The version of JSON-RPC used by the request and the response. | Mandatory | String | The only possible value is 2.0. |
| params | An object containing the configuration of the request. | Mandatory | Object | No additional requirements. |

Return value

| Attribute | Type | Description |
|---|---|---|
| result | String | If the action is initiated successfully, the API responds with the ID of the created task. |

Tip

Use this value as the activityId parameter in getInvestigationFileUrl to retrieve the download URL for the archive containing the investigation file once the task has completed.

You can also download the investigation file directly from GravityZone Control Center. Open the endpoint details from the Network section and go to the Investigation tab.

Example

Request:

{
    "jsonrpc": "2.0",
    "method": "startRetrieveInvestigationFileFromEndpoint",
    "id": "787b5e36-89a8-4353-88b9-6b7a32e9c87f",
    "params": {
        "targetId": "559bd17ab1a43d241b7b23c6",
        "path": "C:\\Users\\user\\Desktop\\test"
    }
}

Response:

{
    "id": "787b5e36-89a8-4353-88b9-6b7a32e9c87f",
    "jsonrpc": "2.0",
    "result": "559bd17ab1a43d241b7b23d7"
}
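
The following Python example is added here and is not from the GravityZone documentation. It validates targetId and path against the value requirements above before building the request, and checks that a response echoes the request id before returning the task ID. The function names are hypothetical, the handling of an `error` member follows the JSON-RPC 2.0 specification rather than this page, and sending the request over HTTPS with your API credentials is left out.

```python
import json
import re
import uuid

METHOD = "startRetrieveInvestigationFileFromEndpoint"
HEX24 = re.compile(r"[0-9a-fA-F]{24}")  # targetId: exactly 24 hexadecimal characters


def build_request(target_id: str, path: str) -> dict:
    """Validate the parameters locally and return the JSON-RPC request object."""
    if not isinstance(target_id, str) or not HEX24.fullmatch(target_id):
        raise ValueError("targetId must be exactly 24 hexadecimal characters")
    if not isinstance(path, str) or not path.strip():
        raise ValueError("path must be a non-empty file path")
    return {
        "jsonrpc": "2.0",
        "method": METHOD,
        "id": str(uuid.uuid4()),  # echoed back in the response for call tracking
        "params": {"targetId": target_id, "path": path},
    }


def parse_response(request: dict, raw: str) -> str:
    """Return the task ID from a response body, or raise if it cannot be trusted."""
    reply = json.loads(raw)
    if reply.get("jsonrpc") != "2.0":
        raise ValueError("unexpected JSON-RPC version")
    if "error" in reply:  # JSON-RPC 2.0 error member (assumption: not shown on the page)
        raise RuntimeError(f"API error: {reply['error']}")
    if reply.get("id") != request["id"]:
        raise ValueError("response id does not match request id")
    result = reply.get("result")
    if not isinstance(result, str) or not result:
        raise ValueError("result is missing or not a string")
    return result  # use as activityId in getInvestigationFileUrl


if __name__ == "__main__":
    req = build_request("559bd17ab1a43d241b7b23c6", r"C:\Users\user\Desktop\test")
    print(json.dumps(req, indent=4))  # json.dumps escapes the backslashes in path
    # Constructed reply that mirrors the sample response on this page.
    sample = json.dumps({"id": req["id"], "jsonrpc": "2.0",
                         "result": "559bd17ab1a43d241b7b23d7"})
    print("task ID:", parse_response(req, sample))
```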