Live response API - 'Get results' stuck in status: pending

I'm trying to get a file with the live response API using the following GET request:

https://api-eu.securitycenter.microsoft.com/API/machines/{{machine_id}}/runliveresponse

and JSON body:

{
   "Commands":[
    {
         "type":"GetFile",
         "params":[
            {
               "key":"Path",
               "value":"C:\\windows\\TEMP\\testOutput.txt"
            }
         ]
      }
   ],
   "Comment":"Testing Live Response API"
}

returns:

{
    "@odata.context": "https://api-eu.securitycenter.microsoft.com/api/$metadata#MachineActions/$entity",
    "id": "xxx",
    "type": "LiveResponse",
    "title": null,
    "requestor": "liveResponse",
    "requestorComment": "Testing Live Response API",
    "status": "Pending",
    "machineId": "xxx",
    "computerDnsName": "xxx",
    "creationDateTimeUtc": "2024-02-13T14:39:30.8766652Z",
    "lastUpdateDateTimeUtc": "2024-02-13T14:39:42.511563Z",
    "cancellationRequestor": null,
    "cancellationComment": null,
    "cancellationDateTimeUtc": null,
    "errorHResult": 0,
    "scope": null,
    "externalId": null,
    "requestSource": "PublicApi",
    "relatedFileInfo": null,
    "commands": [
        {
            "index": 0,
            "startTime": "2024-02-13T14:39:36.76917Z",
            "endTime": "2024-02-13T14:39:42.511176Z",
            "commandStatus": "Completed",
            "errors": [],
            "command": {
                "type": "GetFile",
                "params": [
                    {
                        "key": "Path",
                        "value": "C:\\Windows\\Temp\\testOutput.txt"
                    }
                ]
            }
        }
    ],
    "troubleshootInfo": null
}

Using the 'api/machineactions/{{id}}/GetLiveResponseResultDownloadLink(index=0)' always returns the status: Pending no matter how long I wait.

Expected:

'status: Failed' or the download link as value

Am I doing something wrong here? Using 'getfile C:\\windows\\TEMP\\testOutput.txt' in the live response command console works on the same device.

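An added example, not part of the original post and not Microsoft's code: a Python helper that reads a machine action response like the one above, separates the top-level `status` from each command's `commandStatus`, and polls with a bounded timeout instead of waiting indefinitely. The `fetch` callable and the terminal status names are assumptions (only "Pending" and "Completed" appear in the post); the sample is cut down from the response shown there.

```python
import time

# Assumption: these terminal status names are not on the page; adjust them to
# the values your tenant's API actually returns.
TERMINAL = {"Succeeded", "Failed", "TimeOut", "Cancelled"}


def summarize(action):
    """Classify one machine action response (dict parsed from the JSON)."""
    status = action.get("status")
    cmds = [(c["index"], c["commandStatus"], c.get("errors", []))
            for c in action.get("commands", [])]
    if status in TERMINAL:
        state = "terminal"
    elif cmds and all(s == "Completed" for _, s, _ in cmds):
        # The situation in the post: every command finished, action still open.
        state = "commands-done-action-open"
    else:
        state = "running"
    return {"state": state, "status": status, "commands": cmds}


def wait_for_action(fetch, timeout_s=600, interval_s=10, sleep=time.sleep):
    """Poll fetch() (hypothetical callable returning the action dict) until the
    action is terminal or timeout_s has elapsed; return (summary, timed_out)."""
    waited = 0
    while True:
        summary = summarize(fetch())
        if summary["state"] == "terminal":
            return summary, False
        if waited >= timeout_s:
            return summary, True
        sleep(interval_s)
        waited += interval_s


# Constructed sample, trimmed from the response shown in the post.
SAMPLE = {
    "status": "Pending",
    "errorHResult": 0,
    "commands": [{"index": 0, "commandStatus": "Completed", "errors": []}],
}

if __name__ == "__main__":
    print(summarize(SAMPLE))
    responses = iter([SAMPLE, SAMPLE, dict(SAMPLE, status="Succeeded")])
    print(wait_for_action(lambda: next(responses), sleep=lambda s: None))
```

Logging the returned summary when `timed_out` is true gives a record of the action's `status` alongside the per-command state for a support case.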