MAR - Endpoint data collection

Collects data using McAfee Active Response, from an endpoint for IR purposes (requires ePO as well).

Input:

  • Hostname (Default: ${Endpoint.Hostname})

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • McAfee Active Response

Scripts

  • Exists
  • EPOFindSystem

Commands

  • mar-search-multiple

Playbook Inputs


NameDescriptionDefault ValueRequired
HostnameThe hostname to run on.${Endpoint.Hostname}Optional

Playbook Outputs


There are no outputs for this playbook.

Playbook Image


MAR_Endpoint_data_collection