Malware Investigation - Generic - Setup

Verifies a file sample and hostname information for the "Malware Investigation - Generic" playbook. If the file sample or hostname is missing, the playbook attempts to retrieve it using one or more integrations.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Get File Sample By Hash - Generic
  • Get File Sample From Path - Generic
  • Search Endpoints By Hash - Generic

Integrations

This playbook does not use any integrations.

Scripts

  • Set

Commands

This playbook does not use any commands.

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| File | The malware sample to investigate. | None | File | Optional |
| MD5 | The MD5 hash to investigate. | MD5 | File | Optional |
| SHA1 | The SHA1 hash to investigate. | SHA1 | File | Optional |
| SHA256 | The SHA256 hash to investigate. | SHA256 | File | Optional |
| Hostname | The hostname to investigate. | Hostname | Endpoint | Optional |
| Path | The file path to get the sample from. | Path | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint | The endpoint. | unknown |
| Endpoint.Hostname | The device hostname. | string |
| File | The file sample object. | unknown |

Playbook Image


Malware_Investigation_Generic_Setup