Feb 13 2024 07:02 AM
I'm trying to get a file with the live response API using the following GET request:
https://api-eu.securitycenter.microsoft.com/API/machines/{{machine_id}}/runliveresponse
and json body:
{
"Commands":[
{
"type":"GetFile",
"params":[
{
"key":"Path",
"value":"C:\\windows\\TEMP\\testOutput.txt"
}
]
}
],
"Comment":"Testing Live Response API"
}
returns:
{
"@odata.context": "https://api-eu.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
"id": "xxx",
"type": "LiveResponse",
"title": null,
"requestor": "liveResponse",
"requestorComment": "Testing Live Response API",
"status": "Pending",
"machineId": "xxx",
"computerDnsName": "xxx",
"creationDateTimeUtc": "2024-02-13T14:39:30.8766652Z",
"lastUpdateDateTimeUtc": "2024-02-13T14:39:42.511563Z",
"cancellationRequestor": null,
"cancellationComment": null,
"cancellationDateTimeUtc": null,
"errorHResult": 0,
"scope": null,
"externalId": null,
"requestSource": "PublicApi",
"relatedFileInfo": null,
"commands": [
{
"index": 0,
"startTime": "2024-02-13T14:39:36.76917Z",
"endTime": "2024-02-13T14:39:42.511176Z",
"commandStatus": "Completed",
"errors": [],
"command": {
"type": "GetFile",
"params": [
{
"key": "Path",
"value": "C:\\Windows\\Temp\\testOutput.txt"
}
]
}
}
],
"troubleshootInfo": null
}
Using the 'api/machineactions/{{id}}/GetLiveResponseResultDownloadLink(index=0)' always returns the status: Pending no matter how long I wait.
Expected:
'status: Failed' or the download link as value
Am i doing something wrong here? Using 'getfile C:\\windows\\TEMP\\testOutput.txt' in the live response command console works on the same device.