Druva Ransomware Response

Druva Ransomware Response Integration provides an API based orchestration framework for Druva Ransomware Recovery customers. The integration allows Druva customers to respond immediately in case of a security incident and recovery their backed up data with Confidence This integration was integrated and tested with Realize Ransomwary Recovery module of Druva Public Cloud

Configure Druva Ransomware Response on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for Druva Ransomware Response.
  3. Click Add instance to create and configure a new integration instance.
ParameterDescriptionRequired
urlDruva API URLTrue
clientIdClient IDTrue
secretKeySecret KeyTrue
  1. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Demisto CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

druva-find-device#


Finds Device ID for specific hostname

Base Command#

druva-find-device

Input#

Argument NameDescriptionRequired
search_stringPrefix Search String for data source nameRequired

Context Output#

PathTypeDescription
Druva.Resource.resourceIDnumberResource ID.
Druva.Resource.resourceNamestringResource Name
Druva.Resource.resourceTypeunknownResource Type
Druva.Resource.resourceParentstringResource Server or User

Command Example#

!druva-find-device search_string=sah

Context Example#

{
"Druva": {
"Resource": {
"orgID": -1,
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourceStatus": "enabled",
"resourceType": "Endpoint"
}
}
}

Human Readable Output#

Found Druva Devices#

orgIDresourceIDresourceNameresourceParentresourceStatusresourceType
-14497505SahilG-MBPDruva IntegrationsenabledEndpoint

druva-list-quarantine-ranges#


Lists all quarantine ranges in your environment

Base Command#

druva-list-quarantine-ranges

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Druva.activeQuarantineRanges.resourceIDnumberResource ID.
Druva.activeQuarantineRanges.resourceNamestringResource Name
Druva.activeQuarantineRanges.resourceParentstringResource User Or Server
Druva.activeQuarantineRanges.resourceTypestringResource Type
Druva.activeQuarantineRanges.fromDatestringQuarantine Start Date
Druva.activeQuarantineRanges.toDatestringQuarantine End Date
Druva.activeQuarantineRanges.rangeIDunknownQuarantine Range ID

Command Example#

!druva-list-quarantine-ranges

Context Example#

{
"Druva": {
"activeQuarantineRanges": {
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
}
}

Human Readable Output#

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-quarantine-resource#


Quarantine a resource

Base Command#

druva-quarantine-resource

Input#

Argument NameDescriptionRequired
resource_idresource id for which you would like to list resourcesRequired
resource_typetype or resource : Endpoint or File Server or NASRequired
from_dateDate from which a quarantine range should start. If not provided then it is considered as open ended. example: 2020-10-25Optional
to_dateDate from which a quarantine range should end. If not provided then it is considered as open ended. example: 2020-10-25Optional

Context Output#

PathTypeDescription
Druva.QuarantinedRangeIDstringRangeID of the Quarantined Resource

Command Example#

!druva-quarantine-resource resource_id=4497505 resource_type=Endpoint from_date=2020-03-01 to_date=2020-03-10

Context Example#

{
"Druva": {
"QuarantinedRangeID": "445",
"activeQuarantineRanges": [
{
"fromDate": "2020-03-01",
"orgID": -1,
"rangeID": 445,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-03-10",
"workload": "endpoints"
},
{
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
]
}
}

Human Readable Output#

Resource quarantined successfully#

RangeID
445

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-03-01-1445None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-03-10endpoints
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-delete-quarantine-range#


Delete a quarantine range

Base Command#

druva-delete-quarantine-range

Input#

Argument NameDescriptionRequired
range_idID of range to be deletedRequired
resource_idresource id for which you would like to delete the rangeRequired

Context Output#

There is no context output for this command.

Command Example#

!druva-delete-quarantine-range range_id=354 resource_id=3335062

Context Example#

{
"Druva": {
"deletedQuarantineRange": "354"
}
}

Human Readable Output#

Quarantine Range Deleted Successfully#

RangeID
354

druva-view-quarantine-range#


View Quarantine Range Details

Base Command#

druva-view-quarantine-range

Input#

Argument NameDescriptionRequired
range_idID of range to be viewedRequired
resource_idresource id for which you would like to view the rangeRequired

Context Output#

There is no context output for this command.

Command Example#

!druva-view-quarantine-range range_id=415 resource_id=4497505

Context Example#

{
"Druva": {
"viewedQuarantineRange": {
"addedTime": "2020-07-13T07:58:46Z",
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
}
}

Human Readable Output#

Range Details#

addedTimefromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13T07:58:46Z2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-update-quarantine-range#


Updates an existing Quarantine Range

Base Command#

druva-update-quarantine-range

Input#

Argument NameDescriptionRequired
resource_idID of resource to be updatedRequired
range_idID of range to be updatedRequired
resource_typetype or resource to be updated : Endpoint or File Server or NASRequired
from_dateUpdate Date from which a quarantine range should start. If not provided then it is considered as open ended. example: 2020-10-25Optional
to_dateUpdated Date from which a quarantine range should end. If not provided then it is considered as open ended. example: 2020-10-25Optional

Context Output#

PathTypeDescription
Druva.updatedQuarantineRangestringRange ID of the Updated Quarantined Range

Command Example#

!druva-update-quarantine-range range_id=415 resource_id=4497505 from_date=2020-07-13 to_date=2020-07-15 resource_type=Endpoint

Context Example#

{
"Druva": {
"activeQuarantineRanges": [
{
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
},
{
"fromDate": "2020-03-01",
"orgID": -1,
"rangeID": 445,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-03-10",
"workload": "endpoints"
}
],
"updatedQuarantineRange": "415"
}
}

Human Readable Output#

Range updated successfully#

RangeID
415

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints
2020-03-01-1445None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-03-10endpoints

druva-list-quarantine-snapshots#


List all quarantine Snapshots for a quarantine range

Base Command#

druva-list-quarantine-snapshots

Input#

Argument NameDescriptionRequired
resource_idresource id for which you would like to view the quarantined snapshotsRequired
range_idID of range for which quarantined snapshots are to be viewedRequired

Context Output#

PathTypeDescription
Druva.quarantinedSnapshots.snapshotIDstringID of the quarantined snapshot
Druva.quarantinedSnapshots.namestringName of the quarantined snapshot

Command Example#

!druva-list-quarantine-snapshots range_id=415 resource_id=4497505

Context Example#

{
"Druva": {
"quarantinedSnapshots": [
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 14:15",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxNDoxNTo0OCAyMDIw",
"snapshotName": "Jul 15 2020, 14:15",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 13:15",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMzoxNToyNiAyMDIw",
"snapshotName": "Jul 15 2020, 13:15",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 11:38",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw",
"snapshotName": "Jul 15 2020, 11:38",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 10:38",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMDozODowNiAyMDIw",
"snapshotName": "Jul 15 2020, 10:38",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 06:51",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAwNjo1MTo0NSAyMDIw",
"snapshotName": "Jul 15 2020, 06:51",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 00:02",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAwMDowMjo0NyAyMDIw",
"snapshotName": "Jul 15 2020, 00:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 23:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMzowMjozNSAyMDIw",
"snapshotName": "Jul 14 2020, 23:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 22:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMjowMjoyMSAyMDIw",
"snapshotName": "Jul 14 2020, 22:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 21:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMTowMjowNyAyMDIw",
"snapshotName": "Jul 14 2020, 21:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 20:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMDowMTo1MCAyMDIw",
"snapshotName": "Jul 14 2020, 20:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 19:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxOTowMTozNiAyMDIw",
"snapshotName": "Jul 14 2020, 19:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 18:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxODowMToyNCAyMDIw",
"snapshotName": "Jul 14 2020, 18:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 17:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNzowMToxMCAyMDIw",
"snapshotName": "Jul 14 2020, 17:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 16:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNjowMDo1NSAyMDIw",
"snapshotName": "Jul 14 2020, 16:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 15:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNTowMDo0MSAyMDIw",
"snapshotName": "Jul 14 2020, 15:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 14:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNDowMDoyOCAyMDIw",
"snapshotName": "Jul 14 2020, 14:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 13:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMzowMDoxMyAyMDIw",
"snapshotName": "Jul 14 2020, 13:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 11:59",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMTo1OTo1NiAyMDIw",
"snapshotName": "Jul 14 2020, 11:59",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 10:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMDo1NTo0MiAyMDIw",
"snapshotName": "Jul 14 2020, 10:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 09:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAwOTo1NToxOSAyMDIw",
"snapshotName": "Jul 14 2020, 09:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 08:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAwODo1NTowNCAyMDIw",
"snapshotName": "Jul 14 2020, 08:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 67,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 13 2020, 01:02",
"snapshotID": "MTMyNzQtTW9uIEp1bCAxMyAwMTowMjoyNSAyMDIw",
"snapshotName": "Jul 13 2020, 01:02",
"snapshotSize": 228657822,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 67,
"updatedFiles": 0
}
]
}
}

Human Readable Output#

Quarantined Snapshots#

alertTypescreatedFilesdeletedFilesencryptedFilesnamesnapshotIDsnapshotNamesnapshotSizestatustotalFilesImpactedupdatedFiles
000Jul 15 2020, 14:15MTMyNzQtV2VkIEp1bCAxNSAxNDoxNTo0OCAyMDIwJul 15 2020, 14:15105355564Snapshot Quarantined00
000Jul 15 2020, 13:15MTMyNzQtV2VkIEp1bCAxNSAxMzoxNToyNiAyMDIwJul 15 2020, 13:15105355564Snapshot Quarantined00
000Jul 15 2020, 11:38MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIwJul 15 2020, 11:38105355564Snapshot Quarantined00
000Jul 15 2020, 10:38MTMyNzQtV2VkIEp1bCAxNSAxMDozODowNiAyMDIwJul 15 2020, 10:38105355564Snapshot Quarantined00
000Jul 15 2020, 06:51MTMyNzQtV2VkIEp1bCAxNSAwNjo1MTo0NSAyMDIwJul 15 2020, 06:51105355564Snapshot Quarantined00
000Jul 15 2020, 00:02MTMyNzQtV2VkIEp1bCAxNSAwMDowMjo0NyAyMDIwJul 15 2020, 00:02105355564Snapshot Quarantined00
000Jul 14 2020, 23:02MTMyNzQtVHVlIEp1bCAxNCAyMzowMjozNSAyMDIwJul 14 2020, 23:02105355564Snapshot Quarantined00
000Jul 14 2020, 22:02MTMyNzQtVHVlIEp1bCAxNCAyMjowMjoyMSAyMDIwJul 14 2020, 22:02105355564Snapshot Quarantined00
000Jul 14 2020, 21:02MTMyNzQtVHVlIEp1bCAxNCAyMTowMjowNyAyMDIwJul 14 2020, 21:02105355564Snapshot Quarantined00
000Jul 14 2020, 20:01MTMyNzQtVHVlIEp1bCAxNCAyMDowMTo1MCAyMDIwJul 14 2020, 20:01105355564Snapshot Quarantined00
000Jul 14 2020, 19:01MTMyNzQtVHVlIEp1bCAxNCAxOTowMTozNiAyMDIwJul 14 2020, 19:01105355564Snapshot Quarantined00
000Jul 14 2020, 18:01MTMyNzQtVHVlIEp1bCAxNCAxODowMToyNCAyMDIwJul 14 2020, 18:01105355564Snapshot Quarantined00
000Jul 14 2020, 17:01MTMyNzQtVHVlIEp1bCAxNCAxNzowMToxMCAyMDIwJul 14 2020, 17:01105355564Snapshot Quarantined00
000Jul 14 2020, 16:00MTMyNzQtVHVlIEp1bCAxNCAxNjowMDo1NSAyMDIwJul 14 2020, 16:00105355564Snapshot Quarantined00
000Jul 14 2020, 15:00MTMyNzQtVHVlIEp1bCAxNCAxNTowMDo0MSAyMDIwJul 14 2020, 15:00105355564Snapshot Quarantined00
000Jul 14 2020, 14:00MTMyNzQtVHVlIEp1bCAxNCAxNDowMDoyOCAyMDIwJul 14 2020, 14:00105355564Snapshot Quarantined00
000Jul 14 2020, 13:00MTMyNzQtVHVlIEp1bCAxNCAxMzowMDoxMyAyMDIwJul 14 2020, 13:00105355564Snapshot Quarantined00
000Jul 14 2020, 11:59MTMyNzQtVHVlIEp1bCAxNCAxMTo1OTo1NiAyMDIwJul 14 2020, 11:59105355564Snapshot Quarantined00
000Jul 14 2020, 10:55MTMyNzQtVHVlIEp1bCAxNCAxMDo1NTo0MiAyMDIwJul 14 2020, 10:55105355564Snapshot Quarantined00
000Jul 14 2020, 09:55MTMyNzQtVHVlIEp1bCAxNCAwOTo1NToxOSAyMDIwJul 14 2020, 09:55105355564Snapshot Quarantined00
000Jul 14 2020, 08:55MTMyNzQtVHVlIEp1bCAxNCAwODo1NTowNCAyMDIwJul 14 2020, 08:55105355564Snapshot Quarantined00
6700Jul 13 2020, 01:02MTMyNzQtTW9uIEp1bCAxMyAwMTowMjoyNSAyMDIwJul 13 2020, 01:02228657822Snapshot Quarantined670

druva-delete-quarantined-snapshot#


Delete a quarantined Snapshot. Warning: Snapshots once deleted can not be recovered.

Base Command#

druva-delete-quarantined-snapshot

Input#

Argument NameDescriptionRequired
resource_idresource id for which you would like to delete a quarantined snapshotsRequired
snapshot_idID of snapshot you would like to deleteRequired
range_idRange id for which you would like to delete a quarantined snapshotsRequired

Context Output#

PathTypeDescription
Druva.quarantinedSnapshots.snapshotIDstringID of the quarantined snapshot

Command Example#

!druva-delete-quarantined-snapshot range_id=415 resource_id=4497505 snapshot_id=MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw

Context Example#

{}

Human Readable Output#

Snapshot Deleted successfully#

Snapshot ID
MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw

druva-endpoint-search-file-hash#


Search a file use SHA1 checksum

Base Command#

druva-endpoint-search-file-hash

Input#

Argument NameDescriptionRequired
sha1_checksumchecksum of the file to be searchedRequired

Context Output#

PathTypeDescription
Druva.searchEndpointsFileHashResults.deviceIDstringDevice ID of device the input hash
Druva.searchEndpointsFileHashResults.fileNamestringName of the file on the Endpoint
Druva.searchEndpointsFileHashResults.objectIDstringObject ID
Druva.searchEndpointsFileHashResults.userIDstringUser ID of the Endpoint

Command Example#

!druva-endpoint-search-file-hash sha1_checksum=cec8ad914b1e9db83626b98e8d98512616975fdf

Context Example#

{
"Druva": {
"searchEndpointsFileHashResults": [
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERvY3VtZW50cyIsInVuaXF1ZV9ubyI6IjBAMDAwMDEwMDAwMFxcIiwic3BhdGgiOiJ7e015IERvY3VtZW50c319L3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeE1EQXdNREJjIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEb2N1bWVudHMiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxQDAwMDEwIiwic3BhdGgiOiJEb2N1bWVudHMxL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeFFEQXdNREV3Iiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEZXNrdG9wIiwidW5pcXVlX25vIjoiMEAwMDAwMVAwMDAxWCIsInNwYXRoIjoiRGVza3RvcDEvemlwXzEwTUIvemlwXzEwTUIiLCJkb2NpZCI6InZqMHpBRGtoUkFBd1FEQXdNREF4VURBd01ERlkiLCJzaWQiOjEzMjc0LCJkaWQiOjQ0NjQ5NTN9",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERlc2t0b3AiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxYDAwMDBgIiwic3BhdGgiOiJ7e0Rlc2t0b3B9fS96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXhZREF3TURCZyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNsbCIsInNwYXRoIjoic2FoaWwvRGVza3RvcC96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXlNREF3TTJ4cyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNuNCIsInNwYXRoIjoic2FoaWwvRG9jdW1lbnRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjQwIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2017-08-12T06:22:30Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Downloads\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNvTCIsInNwYXRoIjoic2FoaWwvRG93bmxvYWRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjlNIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
}
]
}
}

Human Readable Output#

Search Results#

creationTimedataSourcedeviceIDfileNamefileSizefolderPathmodificationTimeobjectIDsha1ChecksumstorageIDuserID
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERvY3VtZW50cyIsInVuaXF1ZV9ubyI6IjBAMDAwMDEwMDAwMFxcIiwic3BhdGgiOiJ7e015IERvY3VtZW50c319L3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeE1EQXdNREJjIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEb2N1bWVudHMiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxQDAwMDEwIiwic3BhdGgiOiJEb2N1bWVudHMxL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeFFEQXdNREV3Iiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEZXNrdG9wIiwidW5pcXVlX25vIjoiMEAwMDAwMVAwMDAxWCIsInNwYXRoIjoiRGVza3RvcDEvemlwXzEwTUIvemlwXzEwTUIiLCJkb2NpZCI6InZqMHpBRGtoUkFBd1FEQXdNREF4VURBd01ERlkiLCJzaWQiOjEzMjc0LCJkaWQiOjQ0NjQ5NTN9cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERlc2t0b3AiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxYDAwMDBgIiwic3BhdGgiOiJ7e0Rlc2t0b3B9fS96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXhZREF3TURCZyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNsbCIsInNwYXRoIjoic2FoaWwvRGVza3RvcC96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXlNREF3TTJ4cyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNuNCIsInNwYXRoIjoic2FoaWwvRG9jdW1lbnRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjQwIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2017-08-12T06:22:30ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Downloads\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNvTCIsInNwYXRoIjoic2FoaWwvRG93bmxvYWRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjlNIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142

druva-endpoint-initiate-restore#


Restore Data to a replacement device. Delete a quarantined Snapshot. Warning: This command will restore your endpoint data from a prior day snapshot. Any changes since the snapshot date may be lost.

Base Command#

druva-endpoint-initiate-restore

Input#

Argument NameDescriptionRequired
source_resourceidSelect resource id to restore fromRequired
target_resourceidSelect resource id to restore toRequired
restore_locationSelect Target Restore Location: 1) Desktop - If you want to restore the data to the desktop on the target device. 2) Original - If you want to restore data to the same location from which it was backed up. 3) If you want to restore the data at a custom location, specify absolute path of the location. Example - /Users/username/DesktopRequired

Context Output#

There is no context output for this command.

Command Example#

Human Readable Output#

druva-endpoint-check-restore-status#


Check Restore Job Status

Base Command#

druva-endpoint-check-restore-status

Input#

Argument NameDescriptionRequired
restore_idJob ID of RestoreRequired

Context Output#

There is no context output for this command.

Command Example#

Human Readable Output#

druva-endpoint-decommission#


Remote Wipe Infected Endpoint Resource. Delete a quarantined Snapshot. Warning: This command will remote wipe data from the end point. This action can not be undone.

Base Command#

druva-endpoint-decommission

Input#

Argument NameDescriptionRequired
resource_idID of endpoint resource to be decommissionedRequired

Context Output#

There is no context output for this command.

Command Example#

Human Readable Output#