Block File - Generic v2

Blocks files from running on endpoints.

This playbook supports the following integrations:

  • Palo Alto Networks Traps
  • Cybereason
  • Carbon Black Enterprise Response
  • Cylance Protect v2

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Block File - Cylance Protect v2
  • Block File - Cybereason
  • Traps Quarantine Event
  • Traps Blacklist File
  • Block File - Carbon Black Response

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
MD5The MD5 hash of the file you want to block.MD5FileOptional
SHA256The SHA256 hash of the file you want to block.SHA256FileOptional
EventIdThe Taps event ID that contains the malicious file to block.--Optional

Playbook Outputs


PathDescriptionType
CbResponse.BlockedHashes.LastBlock.TimeThe last block time.unknown
CbResponse.BlockedHashes.LastBlock.HostnameThe last block hostname.unknown
CbResponse.BlockedHashes.LastBlock.CbSensorIDThe last block sensor ID.unknown

Playbook Image


Block_File_Generic_v2