Get File Sample From Path - Generic V2

This playbook returns a file sample correlating to a path into the War Room using the following sub-playbooks: inputs: 1) Get File Sample From Path - D2. 2) Get File Sample From Path - VMware Carbon Black EDR (Live Response API).

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Get File Sample From Path - D2
  • Get File Sample From Path - VMware Carbon Black EDR - Live Response API

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueRequired
UseD2Determines whether a D2 agent will be used to retrieve the file.
Options:
no (default)
yes
Optional
HostnameHostname of the machine on which the file is located.Optional
PathThe path of the file to retrieve.
For example:
C:\users\folder\file.txt
Optional
Agent_IDThe ID of the agent in the relevant integration (such as EDR).Optional

Playbook Outputs


PathDescriptionType
File.SizeThe size of the file.number
File.TypeThe type of the file.string
File.InfoGeneral information of the file.string
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.SHA512The SHA512 hash of the file.string
File.EntryIDThe file entry ID.string
File.ExtensionThe file extension.string
File.NameThe file name.string
File.SSDeepFile SSDeep.string

Playbook Image


Get File Sample From Path - Generic V2