Block File - Carbon Black Response

Receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response. Files with that MD5 hash are blocked from execution on the managed endpoints.

If the integration is disabled when the playbook runs, or if the hash is already on the blacklist, no action is taken on the MD5 hash.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • cb-get-hash-blacklist
  • cb-block-hash

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| MD5 | The MD5 hash of the file you want to block. | MD5 | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| CbResponse.BlockedHashes.LastBlock.Time | The last block time. | unknown |
| CbResponse.BlockedHashes.LastBlock.Hostname | The last block hostname. | unknown |
| CbResponse.BlockedHashes.LastBlock.CbSensorID | The last block sensor ID. | unknown |
