Endpoint Enrichment - Generic v2
Deprecated
Use "Endpoint Enrichment - Generic v2.1" playbook instead.
DEPRECATED. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enriches an endpoint by hostname using one or more integrations.
Currently, the following integrations are supported:
- Active Directory
- McAfee ePolicy Orchestrator
- Carbon Black Enterprise Response
- Cylance Protect
- CrowdStrike Falcon Host
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
- CrowdStrike Endpoint Enrichment
Integrations
- Cylance Protect
- epo
- carbonblack
Scripts
- ADGetComputer
- Exists
Commands
- cb-sensor-info
- epo-find-system
- cylance-protect-get-devices
Playbook Inputs
Name | Description | Default Value | Source | Required |
---|---|---|---|---|
Hostname | The hostname of the endpoint to enrich. | Hostname | Endpoint | Optional |
Playbook Outputs
Path | Description | Type |
---|---|---|
Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
Endpoint.IP | A list of the IP addresses of the endpoints. | unknown |
Endpoint.MAC | A list of the MAC addresses of the endpoints that were enriched. | unknown |
Endpoint.Domain | The domain names of the endpoints that were enriched. | string |