Code42 File Search

This playbook searches for files via Code42 security events by either MD5 or SHA256 hash. The data is output to the Code42.SecurityData context for use.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

  • code42-securitydata-search

Playbook Inputs


NameDescriptionDefault ValueRequired
MD5MD5 hash to search forFile.MD5Optional
SHA256SHA256 hash to search forFile.SHA256Optional

Playbook Outputs


PathDescriptionType
Code42.SecurityDataReturned File Resultsunknown
Code42.SecurityData.EventTimestampTimestamp for eventunknown
Code42.SecurityData.FileCreatedFile creation dateunknown
Code42.SecurityData.EndpointIDCode42 device IDunknown
Code42.SecurityData.DeviceUsernameUsername that device is associated with in Code42unknown
Code42.SecurityData.EmailFromSender email address for email exfiltration eventsunknown
Code42.SecurityData.EmailToRecipient email address for email exfiltration eventsunknown
Code42.SecurityData.EmailSubjectEmail subject line for email exfiltration eventsunknown
Code42.SecurityData.EventIDSecurity Data event IDunknown
Code42.SecurityData.EventTypeType of Security Data eventunknown
Code42.SecurityData.FileCategoryType of file as determined by Code42 engineunknown
Code42.SecurityData.FileOwnerOwner of fileunknown
Code42.SecurityData.FileNameFile nameunknown
Code42.SecurityData.FilePathPath to fileunknown
Code42.SecurityData.FileSizeSize of file in bytesunknown
Code42.SecurityData.FileModifiedFile modification dateunknown
Code42.SecurityData.FileMD5MD5 hash of fileunknown
Code42.SecurityData.FileHostnameHostname where file event was capturedunknown
Code42.SecurityData.DevicePrivateIPAddressPrivate IP addresses of device where event was capturedunknown
Code42.SecurityData.DevicePublicIPAddressPublic IP address of device where event was capturedunknown
Code42.SecurityData.RemovableMediaTypeType of removable mediaunknown
Code42.SecurityData.RemovableMediaCapacityTotal capacity of removable media in bytesunknown
Code42.SecurityData.RemovableMediaMediaNameFull name of removable mediaunknown
Code42.SecurityData.RemovableMediaNameName of removable mediaunknown
Code42.SecurityData.RemovableMediaSerialNumberSerial number for removable medial deviceunknown
Code42.SecurityData.RemovableMediaVendorVendor name for removable deviceunknown
Code42.SecurityData.FileSHA256SHA256 hash of fileunknown
Code42.SecurityData.FileSharedWhether file is shared using cloud file serviceunknown
Code42.SecurityData.FileSharedWithAccounts that file is shared with on cloud file serviceunknown
Code42.SecurityData.SourceSource of file event, Cloud or Endpointunknown
Code42.SecurityData.ApplicationTabURLURL associated with application read eventunknown
Code42.SecurityData.ProcessNameProcess name for application read eventunknown
Code42.SecurityData.ProcessOwnerProcess owner for application read eventunknown
Code42.SecurityData.WindowTitleProcess name for application read eventunknown
Code42.SecurityData.FileURLURL of file on cloud file serviceunknown
Code42.SecurityData.ExposureExposure type for eventunknown
Code42.SecurityData.SharingTypeAddedType of sharing added to fileunknown
FileThe file object.unknown
File.NameFile nameunknown
File.PathFile pathunknown
File.SizeFile size in bytesunknown
File.MD5MD5 hash of fileunknown
File.SHA256SHA256 hash of fileunknown
File.HostnameHostname where file event was capturedunknown

Playbook Image


Code42 File Search