MAR - Endpoint data collection

Collects data using McAfee Active Response, from an endpoint for IR purposes (requires ePO as well).

Input:

Hostname (Default: ${Endpoint.Hostname})

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

McAfee Active Response

Scripts

Exists
EPOFindSystem

Commands

mar-search-multiple

Playbook Inputs

Name	Description	Default Value	Required
Hostname	The hostname to run on.	${Endpoint.Hostname}	Optional

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

MAR_Endpoint_data_collection

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

MAR - Endpoint data collection

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image