Search Endpoints By Hash - Carbon Black Protection

Hunts for endpoint activity involving hash IOCs, using Carbon Black Protection.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

  • carbonblackprotection

Scripts

  • CBPCatalogFindHash
  • Exists
  • CBPFindRule
  • Set

Commands

  • cbp-computer-get

Playbook Inputs


| Name | Description | Default Value | Source | Required |
| --- | --- | --- | --- | --- |
| Hash | The MD5 file Hash to hunt for. | MD5 | File | Optional |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| Endpoint.Hostname | The device hostname. | string |
| Endpoint | The endpoint. | unknown |

Playbook Image


Search_Endpoints_By_Hash_Carbon_Black_Protection