
Darktrace /NETWORK - Execute Antigena Action
This atomic belongs to the Darktrace /NETWORK atomic group.
Executes an Antigena action on a specific device in Darktrace. Actions include quarantining the device, blocking outgoing traffic, or blocking incoming traffic. If using a user-based API token, the user must have the "Darktrace RESPOND (formerly Antigena)" and "Visualizer" permissions. Data will be anonymized unless the user also has the "Unrestricted Devices" permission.
Target: Darktrace /NETWORK integration target or HTTP Endpoint for "your-tenant.cloud.darktrace.com" with no path
Account Key: None if using an integration-provided target, public and private tokens if using an HTTP Endpoint target
Steps:
[] Build the request payload and authorization headers
[] Execute the action
[] Check if the request was successful:
[]> If it was, attempt to extract data and set the output variables
[]> If it wasn't, output an error
More information about this API: https://portal.darktrace.com/product-guides/main/api-antigena-manual-request
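
The steps above, sketched in Python as an added example (not the atomic's or Darktrace's own code). The `/antigena/manual` path, the payload field names, the `quarantine` action value, the timestamp format and the `DTAPI-*` HMAC-SHA1 signing scheme are assumptions to confirm against the API guide linked above; the tokens, device ID and response bodies are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

API_PATH = "/antigena/manual"  # assumed path, inferred from the guide's URL slug


def build_request(public_token, private_token, did, action, duration, reason, date=None):
    """Step 1: build the JSON payload and the signed authorization headers."""
    # Field names are assumptions; confirm them in the API guide.
    payload = {"did": did, "action": action, "duration": duration, "reason": reason}
    body = json.dumps(payload)
    date = date or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S")
    # Assumed scheme: HMAC-SHA1 keyed with the private token over
    # "<request>\n<public token>\n<date>", where <request> is the path
    # followed by "?" and the exact JSON body that will be sent.
    to_sign = f"{API_PATH}?{body}\n{public_token}\n{date}"
    signature = hmac.new(private_token.encode(), to_sign.encode(), hashlib.sha1).hexdigest()
    # The private token is only the HMAC key; it never appears in a header.
    headers = {
        "DTAPI-Token": public_token,
        "DTAPI-Date": date,
        "DTAPI-Signature": signature,
        "Content-Type": "application/json",
    }
    return headers, body


def parse_response(status_code, text):
    """Step 3: extract data on success, otherwise return an error."""
    if 200 <= status_code < 300:
        try:
            return {"ok": True, "data": json.loads(text)}
        except json.JSONDecodeError:
            return {"ok": False, "error": "success status but body is not JSON"}
    return {"ok": False, "error": f"HTTP {status_code}: {text[:200]}"}


if __name__ == "__main__":
    # Constructed tokens and device id, for offline demonstration only.
    headers, body = build_request("PUBLIC-EXAMPLE", "PRIVATE-EXAMPLE", 123,
                                  "quarantine", 300, "IR ticket (constructed)",
                                  date="20240101T000000")
    print(headers["DTAPI-Signature"], body)
    print(parse_response(200, '{"code": 201}'))  # constructed response body
    print(parse_response(403, "Forbidden"))      # constructed error response
```

Send `body` byte-for-byte as signed: re-serializing the payload between signing and sending changes the string the server verifies.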