Skip to main content

Druva Ransomware Response

This Integration is part of the Druva Pack.#

Druva Ransomware Response Integration provides ransomware protection for endpoints, SaaS applications and data center workloads for Druva Ransomware Recovery customers.

Configure Druva Ransomware Response in Cortex#

ParameterDescriptionRequired
Druva API URLTrue
Client IDTrue
Secret KeyTrue
Fetch indicatorsFalse
Indicator VerdictIndicators from this integration instance will be marked with this verdictFalse
Source ReliabilityReliability of the source providing the intelligence dataTrue
False
False
Feed Fetch IntervalFalse
Bypass exclusion listWhen selected, the exclusion list is ignored for indicators from this feed. This means that if an indicator from this feed is on the exclusion list, the indicator might still be added to the system.False

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

druva-find-device#


Finds device information for a specific hostname.

Base Command#

druva-find-device

Input#

Argument NameDescriptionRequired
search_stringThe full string or prefix from the data resource name to search.Required

Context Output#

PathTypeDescription
Druva.Resource.resourceIDnumberThe ID of the Resource.
Druva.Resource.resourceNamestringThe name of the Resource.
Druva.Resource.resourceTypeunknownThe type of the Resource.
Druva.Resource.resourceParentstringThe name of the resource user for a device or server.
Druva.Resource.orgIDunknownThe Organisation ID of device

Command Example#

!druva-find-device search_string=sah

Context Example#

{
"Druva": {
"Resource": {
"orgID": -1,
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourceStatus": "enabled",
"resourceType": "Endpoint"
}
}
}

Human Readable Output#

Found Druva Devices#

orgIDresourceIDresourceNameresourceParentresourceStatusresourceType
-14497505SahilG-MBPDruva IntegrationsenabledEndpoint

druva-list-quarantine-ranges#


Lists all quarantine ranges in your environment.

Base Command#

druva-list-quarantine-ranges

Input#

Argument NameDescriptionRequired

Context Output#

PathTypeDescription
Druva.activeQuarantineRanges.resourceIDnumberThe ID of the resource.
Druva.activeQuarantineRanges.resourceNamestringThe name of the resource.
Druva.activeQuarantineRanges.resourceParentstringThe name of the resource user for a device or server.
Druva.activeQuarantineRanges.resourceTypestringThe type of the resource.
Druva.activeQuarantineRanges.fromDatestringThe start date of the quarantine.
Druva.activeQuarantineRanges.toDatestringThe end date of the quarantine.
Druva.activeQuarantineRanges.rangeIDunknownThe range ID of the quarantined resource.

Command Example#

!druva-list-quarantine-ranges

Context Example#

{
"Druva": {
"activeQuarantineRanges": {
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
}
}

Human Readable Output#

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-quarantine-resource#


Quarantines a resource.

Base Command#

druva-quarantine-resource

Input#

Argument NameDescriptionRequired
resource_idThe ID of the resource to quarantine.Required
resource_typeThe resource type to quarantine. Can be: "Endpoint", "File Server", or "NAS".Required
org_idSpecify your org id for NAS and File server for End points set org_id to -1.Optional
from_dateDate from which a quarantine range should start. If not provided, it is considered open ended. For example, 2020-10-25.Optional
to_dateDate from which a quarantine range should end. If not provided, it is considered open ended. For example, 2020-10-25.Optional

Context Output#

PathTypeDescription
Druva.QuarantinedRangeIDstringThe range ID of the Quarantined Resource.

Command Example#

!druva-quarantine-resource resource_id=4497505 resource_type=Endpoint from_date=2020-03-01 to_date=2020-03-10

Context Example#

{
"Druva": {
"QuarantinedRangeID": "445",
"activeQuarantineRanges": [
{
"fromDate": "2020-03-01",
"orgID": -1,
"rangeID": 445,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-03-10",
"workload": "endpoints"
},
{
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
]
}
}

Human Readable Output#

Resource quarantined successfully#

RangeID
445

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-03-01-1445None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-03-10endpoints
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-delete-quarantine-range#


Deletes a quarantine range.

Base Command#

druva-delete-quarantine-range

Input#

Argument NameDescriptionRequired
range_idID of the range to be deleted.Required
resource_idThe resource ID for which the quarantine range is to be deleted.Required

Context Output#

There is no context output for this command.

Command Example#

!druva-delete-quarantine-range range_id=354 resource_id=3335062

Context Example#

{
"Druva": {
"deletedQuarantineRange": "354"
}
}

Human Readable Output#

Quarantine Range Deleted Successfully#

RangeID
354

druva-view-quarantine-range#


View details of the quarantine range.

Base Command#

druva-view-quarantine-range

Input#

Argument NameDescriptionRequired
range_idThe ID of the range to be viewed.Required
resource_idThe resource ID for which you would like to view the range.Required

Context Output#

There is no context output for this command.

Command Example#

!druva-view-quarantine-range range_id=415 resource_id=4497505

Context Example#

{
"Druva": {
"viewedQuarantineRange": {
"addedTime": "2020-07-13T07:58:46Z",
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
}
}
}

Human Readable Output#

Range Details#

addedTimefromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13T07:58:46Z2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints

druva-update-quarantine-range#


Updates an existing quarantine range of a resource.

Base Command#

druva-update-quarantine-range

Input#

Argument NameDescriptionRequired
resource_idThe ID of the resource to be updated.Required
range_idThe ID of range to be updated.Required
resource_typeThe resource type to be updated. Can be: "Endpoint", "File Server", or "NAS".Required
from_dateThe date from which a quarantine range should start. If not provided, it is open-ended. For example, 2020-10-25.Optional
to_dateThe date from which a quarantine range should end. If not provided, it is open-ended. For example, 2020-10-25.Optional

Context Output#

PathTypeDescription
Druva.updatedQuarantineRangestringThe range ID of the updated quarantined range.

Command Example#

!druva-update-quarantine-range range_id=415 resource_id=4497505 from_date=2020-07-13 to_date=2020-07-15 resource_type=Endpoint

Context Example#

{
"Druva": {
"activeQuarantineRanges": [
{
"fromDate": "2020-07-13",
"orgID": -1,
"rangeID": 415,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-07-15",
"workload": "endpoints"
},
{
"fromDate": "2020-03-01",
"orgID": -1,
"rangeID": 445,
"recoveryStatus": "None",
"resourceID": 4497505,
"resourceName": "SahilG-MBP",
"resourceParent": "Druva Integrations",
"resourcePlatform": "darwin",
"resourceType": "Endpoint",
"toDate": "2020-03-10",
"workload": "endpoints"
}
],
"updatedQuarantineRange": "415"
}
}

Human Readable Output#

Range updated successfully#

RangeID
415

Active quarantined Ranges#

fromDateorgIDrangeIDrecoveryStatusresourceIDresourceNameresourceParentresourcePlatformresourceTypetoDateworkload
2020-07-13-1415None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-07-15endpoints
2020-03-01-1445None4497505SahilG-MBPDruva IntegrationsdarwinEndpoint2020-03-10endpoints

druva-list-quarantine-snapshots#


List all quarantine snapshots for a quarantine range.

Base Command#

druva-list-quarantine-snapshots

Input#

Argument NameDescriptionRequired
resource_idThe resource ID of the quarantined snapshots to view.Required
range_idThe range ID of the quarantined snapshots to view.Required

Context Output#

PathTypeDescription
Druva.quarantinedSnapshots.snapshotIDstringID of the quarantined snapshot.
Druva.quarantinedSnapshots.namestringName of the quarantined snapshot.

Command Example#

!druva-list-quarantine-snapshots range_id=415 resource_id=4497505

Context Example#

{
"Druva": {
"quarantinedSnapshots": [
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 14:15",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxNDoxNTo0OCAyMDIw",
"snapshotName": "Jul 15 2020, 14:15",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 13:15",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMzoxNToyNiAyMDIw",
"snapshotName": "Jul 15 2020, 13:15",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 11:38",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw",
"snapshotName": "Jul 15 2020, 11:38",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 10:38",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAxMDozODowNiAyMDIw",
"snapshotName": "Jul 15 2020, 10:38",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 06:51",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAwNjo1MTo0NSAyMDIw",
"snapshotName": "Jul 15 2020, 06:51",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 15 2020, 00:02",
"snapshotID": "MTMyNzQtV2VkIEp1bCAxNSAwMDowMjo0NyAyMDIw",
"snapshotName": "Jul 15 2020, 00:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 23:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMzowMjozNSAyMDIw",
"snapshotName": "Jul 14 2020, 23:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 22:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMjowMjoyMSAyMDIw",
"snapshotName": "Jul 14 2020, 22:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 21:02",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMTowMjowNyAyMDIw",
"snapshotName": "Jul 14 2020, 21:02",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 20:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAyMDowMTo1MCAyMDIw",
"snapshotName": "Jul 14 2020, 20:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 19:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxOTowMTozNiAyMDIw",
"snapshotName": "Jul 14 2020, 19:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 18:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxODowMToyNCAyMDIw",
"snapshotName": "Jul 14 2020, 18:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 17:01",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNzowMToxMCAyMDIw",
"snapshotName": "Jul 14 2020, 17:01",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 16:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNjowMDo1NSAyMDIw",
"snapshotName": "Jul 14 2020, 16:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 15:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNTowMDo0MSAyMDIw",
"snapshotName": "Jul 14 2020, 15:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 14:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxNDowMDoyOCAyMDIw",
"snapshotName": "Jul 14 2020, 14:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 13:00",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMzowMDoxMyAyMDIw",
"snapshotName": "Jul 14 2020, 13:00",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 11:59",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMTo1OTo1NiAyMDIw",
"snapshotName": "Jul 14 2020, 11:59",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 10:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAxMDo1NTo0MiAyMDIw",
"snapshotName": "Jul 14 2020, 10:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 09:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAwOTo1NToxOSAyMDIw",
"snapshotName": "Jul 14 2020, 09:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 0,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 14 2020, 08:55",
"snapshotID": "MTMyNzQtVHVlIEp1bCAxNCAwODo1NTowNCAyMDIw",
"snapshotName": "Jul 14 2020, 08:55",
"snapshotSize": 105355564,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 0,
"updatedFiles": 0
},
{
"alertTypes": [],
"createdFiles": 67,
"deletedFiles": 0,
"encryptedFiles": 0,
"name": "Jul 13 2020, 01:02",
"snapshotID": "MTMyNzQtTW9uIEp1bCAxMyAwMTowMjoyNSAyMDIw",
"snapshotName": "Jul 13 2020, 01:02",
"snapshotSize": 228657822,
"status": "Snapshot Quarantined",
"totalFilesImpacted": 67,
"updatedFiles": 0
}
]
}
}

Human Readable Output#

Quarantined Snapshots#

alertTypescreatedFilesdeletedFilesencryptedFilesnamesnapshotIDsnapshotNamesnapshotSizestatustotalFilesImpactedupdatedFiles
000Jul 15 2020, 14:15MTMyNzQtV2VkIEp1bCAxNSAxNDoxNTo0OCAyMDIwJul 15 2020, 14:15105355564Snapshot Quarantined00
000Jul 15 2020, 13:15MTMyNzQtV2VkIEp1bCAxNSAxMzoxNToyNiAyMDIwJul 15 2020, 13:15105355564Snapshot Quarantined00
000Jul 15 2020, 11:38MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIwJul 15 2020, 11:38105355564Snapshot Quarantined00
000Jul 15 2020, 10:38MTMyNzQtV2VkIEp1bCAxNSAxMDozODowNiAyMDIwJul 15 2020, 10:38105355564Snapshot Quarantined00
000Jul 15 2020, 06:51MTMyNzQtV2VkIEp1bCAxNSAwNjo1MTo0NSAyMDIwJul 15 2020, 06:51105355564Snapshot Quarantined00
000Jul 15 2020, 00:02MTMyNzQtV2VkIEp1bCAxNSAwMDowMjo0NyAyMDIwJul 15 2020, 00:02105355564Snapshot Quarantined00
000Jul 14 2020, 23:02MTMyNzQtVHVlIEp1bCAxNCAyMzowMjozNSAyMDIwJul 14 2020, 23:02105355564Snapshot Quarantined00
000Jul 14 2020, 22:02MTMyNzQtVHVlIEp1bCAxNCAyMjowMjoyMSAyMDIwJul 14 2020, 22:02105355564Snapshot Quarantined00
000Jul 14 2020, 21:02MTMyNzQtVHVlIEp1bCAxNCAyMTowMjowNyAyMDIwJul 14 2020, 21:02105355564Snapshot Quarantined00
000Jul 14 2020, 20:01MTMyNzQtVHVlIEp1bCAxNCAyMDowMTo1MCAyMDIwJul 14 2020, 20:01105355564Snapshot Quarantined00
000Jul 14 2020, 19:01MTMyNzQtVHVlIEp1bCAxNCAxOTowMTozNiAyMDIwJul 14 2020, 19:01105355564Snapshot Quarantined00
000Jul 14 2020, 18:01MTMyNzQtVHVlIEp1bCAxNCAxODowMToyNCAyMDIwJul 14 2020, 18:01105355564Snapshot Quarantined00
000Jul 14 2020, 17:01MTMyNzQtVHVlIEp1bCAxNCAxNzowMToxMCAyMDIwJul 14 2020, 17:01105355564Snapshot Quarantined00
000Jul 14 2020, 16:00MTMyNzQtVHVlIEp1bCAxNCAxNjowMDo1NSAyMDIwJul 14 2020, 16:00105355564Snapshot Quarantined00
000Jul 14 2020, 15:00MTMyNzQtVHVlIEp1bCAxNCAxNTowMDo0MSAyMDIwJul 14 2020, 15:00105355564Snapshot Quarantined00
000Jul 14 2020, 14:00MTMyNzQtVHVlIEp1bCAxNCAxNDowMDoyOCAyMDIwJul 14 2020, 14:00105355564Snapshot Quarantined00
000Jul 14 2020, 13:00MTMyNzQtVHVlIEp1bCAxNCAxMzowMDoxMyAyMDIwJul 14 2020, 13:00105355564Snapshot Quarantined00
000Jul 14 2020, 11:59MTMyNzQtVHVlIEp1bCAxNCAxMTo1OTo1NiAyMDIwJul 14 2020, 11:59105355564Snapshot Quarantined00
000Jul 14 2020, 10:55MTMyNzQtVHVlIEp1bCAxNCAxMDo1NTo0MiAyMDIwJul 14 2020, 10:55105355564Snapshot Quarantined00
000Jul 14 2020, 09:55MTMyNzQtVHVlIEp1bCAxNCAwOTo1NToxOSAyMDIwJul 14 2020, 09:55105355564Snapshot Quarantined00
000Jul 14 2020, 08:55MTMyNzQtVHVlIEp1bCAxNCAwODo1NTowNCAyMDIwJul 14 2020, 08:55105355564Snapshot Quarantined00
6700Jul 13 2020, 01:02MTMyNzQtTW9uIEp1bCAxMyAwMTowMjoyNSAyMDIwJul 13 2020, 01:02228657822Snapshot Quarantined670

druva-delete-quarantined-snapshot#


Deletes a quarantined Snapshot. Snapshots that are deleted cannot be recovered.

Base Command#

druva-delete-quarantined-snapshot

Input#

Argument NameDescriptionRequired
resource_idThe resource ID to delete a quarantined snapshot.Required
snapshot_idThe ID of the snapshot to delete.Required
range_idThe range ID to delete a quarantined snapshot.Required

Context Output#

PathTypeDescription
Druva.quarantinedSnapshots.snapshotIDstringID of the quarantined snapshot.

Command Example#

!druva-delete-quarantined-snapshot range_id=415 resource_id=4497505 snapshot_id=MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw

Context Example#

{}

Human Readable Output#

Snapshot Deleted successfully#

Snapshot ID
MTMyNzQtV2VkIEp1bCAxNSAxMTozODoyMCAyMDIw

druva-endpoint-search-file-hash#


Searches a file using the SHA1 checksum.

Base Command#

druva-endpoint-search-file-hash

Input#

Argument NameDescriptionRequired
sha1_checksumSHA1 checksum of the file to be searched.Required

Context Output#

PathTypeDescription
Druva.searchEndpointsFileHashResults.deviceIDstringThe device ID on the Endpoint.
Druva.searchEndpointsFileHashResults.fileNamestringName of the file on the Endpoint.
Druva.searchEndpointsFileHashResults.objectIDstringThe object ID on the Endpoint.
Druva.searchEndpointsFileHashResults.userIDstringThe user ID of the Endpoint.

Command Example#

!druva-endpoint-search-file-hash sha1_checksum=cec8ad914b1e9db83626b98e8d98512616975fdf

Context Example#

{
"Druva": {
"searchEndpointsFileHashResults": [
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERvY3VtZW50cyIsInVuaXF1ZV9ubyI6IjBAMDAwMDEwMDAwMFxcIiwic3BhdGgiOiJ7e015IERvY3VtZW50c319L3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeE1EQXdNREJjIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEb2N1bWVudHMiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxQDAwMDEwIiwic3BhdGgiOiJEb2N1bWVudHMxL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeFFEQXdNREV3Iiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEZXNrdG9wIiwidW5pcXVlX25vIjoiMEAwMDAwMVAwMDAxWCIsInNwYXRoIjoiRGVza3RvcDEvemlwXzEwTUIvemlwXzEwTUIiLCJkb2NpZCI6InZqMHpBRGtoUkFBd1FEQXdNREF4VURBd01ERlkiLCJzaWQiOjEzMjc0LCJkaWQiOjQ0NjQ5NTN9",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERlc2t0b3AiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxYDAwMDBgIiwic3BhdGgiOiJ7e0Rlc2t0b3B9fS96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXhZREF3TURCZyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:20Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Desktop\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNsbCIsInNwYXRoIjoic2FoaWwvRGVza3RvcC96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXlNREF3TTJ4cyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2020-05-11T23:49:17Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Documents\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNuNCIsInNwYXRoIjoic2FoaWwvRG9jdW1lbnRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjQwIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
},
{
"creationTime": "2017-08-12T06:22:30Z",
"dataSource": "Devices",
"deviceID": 4464953,
"fileName": "file-example_PDF_1MB.pdf",
"fileSize": 1042157,
"folderPath": "C:\\Users\\sahil\\Downloads\\zip_10MB\\zip_10MB",
"modificationTime": "2020-05-11T23:49:10Z",
"objectID": "eyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNvTCIsInNwYXRoIjoic2FoaWwvRG93bmxvYWRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjlNIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==",
"sha1Checksum": "cec8ad914b1e9db83626b98e8d98512616975fdf",
"storageID": 13274,
"userID": 3358142
}
]
}
}

Human Readable Output#

Search Results#

creationTimedataSourcedeviceIDfileNamefileSizefolderPathmodificationTimeobjectIDsha1ChecksumstorageIDuserID
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERvY3VtZW50cyIsInVuaXF1ZV9ubyI6IjBAMDAwMDEwMDAwMFxcIiwic3BhdGgiOiJ7e015IERvY3VtZW50c319L3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeE1EQXdNREJjIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEb2N1bWVudHMiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxQDAwMDEwIiwic3BhdGgiOiJEb2N1bWVudHMxL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeFFEQXdNREV3Iiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsXFxEZXNrdG9wIiwidW5pcXVlX25vIjoiMEAwMDAwMVAwMDAxWCIsInNwYXRoIjoiRGVza3RvcDEvemlwXzEwTUIvemlwXzEwTUIiLCJkb2NpZCI6InZqMHpBRGtoUkFBd1FEQXdNREF4VURBd01ERlkiLCJzaWQiOjEzMjc0LCJkaWQiOjQ0NjQ5NTN9cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MCwiZnNldGRpciI6IkM6XFxVc2Vyc1xcc2FoaWxcXERlc2t0b3AiLCJ1bmlxdWVfbm8iOiIwQDAwMDAxYDAwMDBgIiwic3BhdGgiOiJ7e0Rlc2t0b3B9fS96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXhZREF3TURCZyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:20ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Desktop\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNsbCIsInNwYXRoIjoic2FoaWwvRGVza3RvcC96aXBfMTBNQi96aXBfMTBNQiIsImRvY2lkIjoidmowekFEa2hSQUF3UURBd01EQXlNREF3TTJ4cyIsInNpZCI6MTMyNzQsImRpZCI6NDQ2NDk1M30=cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2020-05-11T23:49:17ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Documents\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNuNCIsInNwYXRoIjoic2FoaWwvRG9jdW1lbnRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjQwIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142
2017-08-12T06:22:30ZDevices4464953file-example_PDF_1MB.pdf1042157C:\Users\sahil\Downloads\zip_10MB\zip_10MB2020-05-11T23:49:10ZeyJ2ZXJzaW9uIjoxNiwiZHZlciI6MTcsImZzZXRkaXIiOiJDOlxcVXNlcnNcXHNhaGlsIiwidW5pcXVlX25vIjoiMEAwMDAwMjAwMDNvTCIsInNwYXRoIjoic2FoaWwvRG93bmxvYWRzL3ppcF8xME1CL3ppcF8xME1CIiwiZG9jaWQiOiJ2ajB6QURraFJBQXdRREF3TURBeU1EQXdNMjlNIiwic2lkIjoxMzI3NCwiZGlkIjo0NDY0OTUzfQ==cec8ad914b1e9db83626b98e8d98512616975fdf132743358142

druva-endpoint-initiate-restore#


Restores data to a replacement device and deletes a quarantined Snapshot. This command restores your endpoint data from a day prior to the snapshot. Any changes made after the snapshot date may be lost.

Base Command#

druva-endpoint-initiate-restore

Input#

Argument NameDescriptionRequired
source_resourceidSelect a Resource ID in which to restore. .Required
target_resourceidSelect a Resource ID in which to restore.Required
restore_locationSpecify the target Restore Location. Can be: "Desktop" - if you want to restore the data to the desktop on the target device, "Original" - if you want to restore data to the same location from which it was backed up, or to restore the data to a custom location, specify the absolute path of the location. For example, /Users/username/Desktop.Required

Context Output#

There is no context output for this command.

druva-endpoint-check-restore-status#


Checks the restore job status of the endpoint.

Base Command#

druva-endpoint-check-restore-status

Input#

Argument NameDescriptionRequired
restore_idThe restore ID of the job.Required

Context Output#

There is no context output for this command.

druva-endpoint-decommission#


Wipes remotely an infected Endpoint Resource and deletes a quarantined Snapshot. This command remote wipes data from the endpoint. This action cannot be undone.

Base Command#

druva-endpoint-decommission

Input#

Argument NameDescriptionRequired
resource_idID of endpoint resource to be decommissioned.Required

Context Output#

There is no context output for this command.

druva-find-user#


Finds user information for a specific username.

Base Command#

druva-find-user

Input#

Argument NameDescriptionRequired
user_stringComplete user name or p.Required

Context Output#

PathTypeDescription
Druva.User.userIDunknownThe full string or prefix from the user name to search.

Command example#

!druva-find-user user_string=rit1

Context Example#

{
"Druva": {
"User": [
{
"emailID": "test@test.com",
"userID": 10000135,
"userName": "test"
},
{
"emailID": "test123@test.com",
"userID": 10000154,
"userName": "test123"
}
]
}
}

Human Readable Output#

Found Druva users#

emailIDuserIDuserName
test@test.com10000135test
test123@test.com10000154test123

druva-find-userDevice#


Finds device information for a specific user.

Base Command#

druva-find-userDevice

Input#

Argument NameDescriptionRequired
userIDThe userID to search.Required

Context Output#

PathTypeDescription
Druva.Resource.resourceIDstringThe ID of the Resource.
Druva.Resource.resourceTypestringThe type of the Resource.

Command example#

!druva-find-userDevice userID=10000135

Context Example#

{
"Druva": {
"Resource": [
{
"profileID": 183,
"resourceID": 10000105,
"resourceName": "DDSPL1571N",
"resourceStatus": "Enabled",
"resourceType": "Endpoint",
"userID": 10000135,
"userName": "rit1"
},
{
"profileID": 183,
"resourceID": 10000103,
"resourceName": "rit1's OneDrive",
"resourceStatus": "Enabled",
"resourceType": "OneDrive",
"userID": 10000135,
"userName": "rit1"
},
{
"profileID": 183,
"resourceID": 10000104,
"resourceName": "rit1's Google Drive",
"resourceStatus": "Enabled",
"resourceType": "Google Drive",
"userID": 10000135,
"userName": "rit1"
}
]
}
}

Human Readable Output#

Found Druva Devices#

profileIDresourceIDresourceNameresourceStatusresourceTypeuserIDuserName
18310000105DDSPL1571NEnabledEndpoint10000135rit1
18310000103rit1's OneDriveEnabledOneDrive10000135rit1
18310000104rit1's Google DriveEnabledGoogle Drive10000135rit1

druva-find-sharePointSites#


Find all share point resources with given user name

Base Command#

druva-find-sharePointSites

Input#

Argument NameDescriptionRequired
search_stringThe full string or prefix from the share point url to search.Required

Context Output#

PathTypeDescription
Druva.Resource.resourceIDunknownThe ID of the Resource.
Druva.Resource.resourceTypeunknownThe type of the Resource.

Command example#

!druva-find-sharePointSites search_string="auto_restore_XQ9OBZ"

Context Example#

{
"Druva": {
"Resource": {
"resourceID": 53,
"resourceName": "auto_restore_XQ9OBZ",
"resourceParentName": "https://druvainternal.sharepoint.com/sites/auto_restore_XQ9OBZ",
"resourceStatus": "Disabled",
"resourceType": "SharePoint",
"siteType": "Other Site"
}
}
}

Human Readable Output#

Found Druva Devices#

resourceIDresourceNameresourceParentNameresourceStatusresourceTypesiteType
53auto_restore_XQ9OBZhttps://druvainternal.sharepoint.com/sites/auto_restore_XQ9OBZDisabledSharePointOther Site

druva-find-sharedDrives#


Finds shared drives resources specific to share drive name

Base Command#

druva-find-sharedDrives

Input#

Argument NameDescriptionRequired
search_stringThe full string or prefix from the share drive name to search.Required

Context Output#

PathTypeDescription
Druva.Resource.resourceIDunknownThe ID of the Resource.
Druva.Resource.resourceTypeunknownThe type of the Resource.

Command example#

!druva-find-sharedDrives search_string="rahul_drive"

Context Example#

{
"Druva": {
"Resource": {
"resourceID": 104,
"resourceName": "rahul_drive",
"resourceParentName": "https://drive.google.com/drive/folders/0AIL1ax7fcxDKUk9PVA",
"resourceStatus": "Enabled",
"resourceType": "Shared Drive"
}
}
}

Human Readable Output#

Found Druva Devices#

resourceIDresourceNameresourceParentNameresourceStatusresourceType
104rahul_drivehttps://drive.google.com/drive/folders/0AIL1ax7fcxDKUk9PVAEnabledShared Drive