Is it possible to reinstate decommissioned endpoints in bulk?
Red Canary has recently made the API route for reinstating decommissioned endpoints available to its users. This action can be performed on a set of endpoints based on their endpoint ID.
Note: The endpoint ID is a value that Red Canary assigns to each endpoint for database purposes. This value may not be the same as the sensor ID which is a value that is assigned to an endpoint by the EDR provider.
To determine the endpoint ID for a given endpoint, a user can export a list of decommissioned endpoints in Red Canary by using the following filter and downloading the corresponding CSV file:
In the CSV file, the Red Canary Endpoint URL column contains the endpoint ID values that must be used for this operation.
Note: There is currently no option to Automate this operation.
Please sign in to leave a comment.