CBLiveGetFile_V2

This automation translates an endpoint (hostname/IP) to a sensor ID, then downloads the given file paths by opening a session and closing it.

Script Data


| Name | Description |
| --- | --- |
| Script Type | python3 |
| Tags | carbon-black, endpoint |
| Demisto Version | 4.1.0 |

Inputs


| Argument Name | Description |
| --- | --- |
| endpoint | Hostname of a Carbon Black sensor (could be an IP). |
| path | Comma-separated file paths to download from the endpoint. |
| timeout | Session timeout (ms). |

Outputs


| Path | Description | Type |
| --- | --- | --- |
| CbLiveResponse.Commands.CbCommandID | Unique command identifier. | Number |
| CbLiveResponse.Commands.CommandName | The command name. | String |
| CbLiveResponse.Commands.Status | The command Status ('pending', 'in progress', 'complete', 'error', 'canceled'). | String |
| CbLiveResponse.Commands.CommandCompletionTime | The command completion time (0 if not complete). | String |
| CbLiveResponse.Commands.OperandObject | The source path of the file. | String |
| CbLiveResponse.Commands.FileID | Unique file ID. | Number |
| CbLiveResponse.File.Size | File size. | String |
| CbLiveResponse.File.SHA1 | File SHA1. | String |
| CbLiveResponse.File.SHA256 | File SHA256. | String |
| CbLiveResponse.File.Name | File name. | String |
| CbLiveResponse.File.SSDeep | File SSDeep. | String |
| CbLiveResponse.File.EntryID | File EntryID. | Number |
| CbLiveResponse.File.Info | File info. | String |
| CbLiveResponse.File.Type | File type. | String |
| CbLiveResponse.File.MD5 | File MD5. | String |
| CbLiveResponse.File.Extension | File extension. | String |

Command Example

!CBLiveGetFile_v2 endpoint=EC2AMAZ-L4C2OKC path="c:\\Users\\All Users\\Desktop\\mooncake.jpg" timeout=2000

Context Example

{
    "CbLiveResponse": {
        "Commands": {
            "CbCommandID": 2,
            "CbSensorID": 17,
            "CbSessionID": 356,
            "CommandCompletionTime": 1540229207.655335,
            "CommandName": "get file",
            "CreateTime": 1540229207.608662,
            "FileID": 1,
            "OperandObject": "c:\\Users\\All Users\\Desktop\\mooncake.jpg",
            "Result": {
                "Code": 0,
                "Desc": "",
                "Type": "WinHresult"
            },
            "Status": "complete"
        }
    },
    "File": {
        "EntryID": "168@583490",
        "Extension": "jpg",
        "Info": "image/jpeg",
        "MD5": "1fe52b291d16c7f9a6eaf43074024011",
        "Name": "mooncake.jpg",
        "SHA1": "30bd2461d6cee80227bcf557a6fd47922b96263c",
        "SHA256": "a87b0fa1006b301b7ef2259cfa9aed2ff12c15217796b5dd08b36e006a137cd2",
        "SSDeep": "192:pAzQbZ/ujghzcZHcsWw6o6E7ODeADcBwjZ4P:pAzG/ujgh6xCo60ODe3wj8",
        "Size": 11293,
        "Type": "data\n"
    }
}
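
An added example, not part of the original page or the script's own code: before a file fetched with this automation is used as evidence, the context entry can be checked against the bytes that were actually retrieved. It assumes the layout of the context example above (a single command and a top-level File entry); `verify_get_file` and `build_sample` are hypothetical helper names, and the sample data is constructed.

```python
import hashlib
import ntpath


def verify_get_file(context, file_bytes):
    """Return a list of problems; an empty list means the download checks out."""
    problems = []
    cmd = context["CbLiveResponse"]["Commands"]
    meta = context["File"]

    # The command must have finished cleanly before the file is trusted.
    if cmd.get("Status") != "complete":
        problems.append("command status is %r" % cmd.get("Status"))
    if cmd.get("Result", {}).get("Code") != 0:
        problems.append("non-zero result code")

    # The file entry should be the one the command was asked to fetch
    # (OperandObject is a Windows path, so use ntpath on any platform).
    if ntpath.basename(cmd.get("OperandObject", "")) != meta.get("Name"):
        problems.append("file name does not match requested path")

    # Size and every recorded digest must match the retrieved bytes.
    if int(meta.get("Size", -1)) != len(file_bytes):
        problems.append("size mismatch")
    for key, algo in (("MD5", "md5"), ("SHA1", "sha1"), ("SHA256", "sha256")):
        actual = hashlib.new(algo, file_bytes).hexdigest()
        if str(meta.get(key, "")).lower() != actual:
            problems.append(key + " mismatch")
    return problems


def build_sample(data, path="c:\\Users\\Public\\sample.bin", status="complete"):
    """Constructed context in the page's shape, for demonstration only."""
    return {
        "CbLiveResponse": {"Commands": {
            "CommandName": "get file", "OperandObject": path, "Status": status,
            "Result": {"Code": 0, "Desc": "", "Type": "WinHresult"},
        }},
        "File": {
            "Name": ntpath.basename(path), "Size": len(data),
            "MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest(),
            "SHA256": hashlib.sha256(data).hexdigest(),
        },
    }

if __name__ == "__main__":
    data = b"constructed sample bytes"
    print(verify_get_file(build_sample(data), data + b"x"))  # tampered copy
```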

Human Readable Output

Files downloaded from endpoint EC2AMAZ-L4C2OKC

| File ID | File Path |
| --- | --- |
| 1 | "c:\Users\All Users\Desktop\mooncake.jpg" |