File Enrichment - Generic v2

Enriches a file using one or more integrations.

  • Provide threat information

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • File Enrichment - Virus Total Private API

Integrations

  • Cylance Protect v2

Scripts

This playbook does not use any scripts.

Commands

  • cylance-protect-get-threat

Playbook Inputs


NameDescriptionDefault ValueSourceRequired
MD5The MD5 hash to enrich.MD5FileOptional
SHA256The SHA256 hash to enrich.SHA256FileOptional
SHA1The SHA1 hash to enrich.SHA1FileOptional

Playbook Outputs


PathDescriptionType
DBotScore.IndicatorThe indicator that was tested.string
DBotScore.TypeThe indicator type.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.MD5The MD5 hash of the file.string
DBotScoreThe DBotScore object.unknown
FileThe file object.unknown
DBotScore.VendorThe vendor used to calculate the score.string
DBotScore.ScoreThe actual score.number
File.VirusTotal.ScansThe scan object.unknown
File.VirusTotal.Scans.SourceThe vendor that scanned this hash.unknown
File.VirusTotal.Scans.DetectedWhether a scan was detected for this hash. Can be, "True" or "False".unknown
File.VirusTotal.Scans.ResultScan result for this hash. For example, signature, etc.unknown

Playbook Image


File_Enrichment_Generic_v2