Endpoint Enrichment - Generic v2

Enriches an endpoint by hostname using one or more integrations.

Currently, the following integrations are supported:

  • Active Directory
  • McAfee ePolicy Orchestrator
  • Carbon Black Enterprise Response
  • Cylance Protect
  • CrowdStrike Falcon Host

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • CrowdStrike Endpoint Enrichment

Integrations

  • Cylance Protect
  • epo
  • carbonblack

Scripts

  • ADGetComputer
  • Exists

Commands

  • cb-sensor-info
  • epo-find-system
  • cylance-protect-get-devices

Playbook Inputs


| Name | Description | Default Value | Source | Required |
|------|-------------|---------------|--------|----------|
| Hostname | The hostname of the endpoint to enrich. | Hostname | Endpoint | Optional |

Playbook Outputs


| Path | Description | Type |
|------|-------------|------|
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | unknown |
| Endpoint.MAC | A list of the MAC addresses of the endpoints that were enriched. | unknown |
| Endpoint.Domain | The domain names of the endpoints that were enriched. | string |

Playbook Image


[Image: Endpoint_Enrichment_Generic_v2]