Skip to main content

Server Message Block (SMB) v2

Files and Directories management with an SMB server. Supports SMB2 and SMB3 protocols.

Configure Server Message Block (SMB) v2 on Cortex XSOAR#

  1. Navigate to Settings > Integrations > Servers & Services.

  2. Search for Server Message Block (SMB) v2.

  3. Click Add instance to create and configure a new integration instance.

    ParameterDescriptionRequired
    Server IP / Hostname (e.g. 1.2.3.4)False
    PortFalse
    Domain ControllerThe domain controller hostname. This is useful for environments with DFS servers as it is used to identify the DFS domain information automatically.False
    UsernameFalse
    Client GUIDThe client machine name to identify the client to the server on a new connection.False
    Force EncryptionForce encryption on the connection, requires SMBv3 or newer on the remote server. Default is "false".False
    Secure Dialect NegotiationValidate the negotiation info when connecting to a share. More information can be found on https://docs.microsoft.com/en-us/archive/blogs/openspecification/smb3-secure-dialect-negotiationFalse
  4. Click Test to validate the URLs, token, and connection.

Commands#

You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

smb-download#


Downloads a file from the server.

Base Command#

smb-download

Input#

Argument NameDescriptionRequired
file_pathThe path to the file, starting from the share, for example: Share/Folder/File. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional

Context Output#

PathTypeDescription
File.SizenumberFile size.
File.SHA1stringSHA1 hash of the file.
File.SHA256stringSHA256 hash of the file.
File.NamestringFile name.
File.SSDeepstringSSDeep hash of the file.
File.EntryIDstringFile entry ID.
File.InfostringInformation about the file.
File.TypestringFile type.
File.MD5stringMD5 hash of the file.

Command Example#

!smb-download file_path=Shared/Tests/Test.txt

Context Example#

{
"File": {
"EntryID": "2837@51c113de-6213-4aea-8beb-d4b88551f7f8",
"Extension": "txt",
"Info": "text/plain; charset=utf-8",
"MD5": "ce114e4501d2f4e2dcea3e17b546f339",
"Name": "Test.txt",
"SHA1": "a54d88e06612d820bc3be72877c74f257b561b19",
"SHA256": "c7be1ed902fb8dd4d48997c6452f5d7e509fbcdbe2808b16bcf4edce4c07d14e",
"SHA512": "a028d4f74b602ba45eb0a93c9a4677240dcf281a1a9322f183bd32f0bed82ec72de9c3957b2f4c9a1ccf7ed14f85d73498df38017e703d47ebb9f0b3bf116f69",
"SSDeep": "3:hMCEpn:hup",
"Size": 14,
"Type": "ASCII text, with no line terminators"
}
}

Human Readable Output#

smb-upload#


Uploads a file to the server.

Base Command#

smb-upload

Input#

Argument NameDescriptionRequired
file_pathThe path to the file, starting from the share, for example: Share/Folder/File. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional
entryIDEntryID of the file to send to the share.Optional
contentFile content to send to the share. Ignored if EntryID argument is specified.Optional

Context Output#

There is no context output for this command.

Command Example#

!smb-upload file_path=Shared/Tests/Test.txt content="This is a test"

Human Readable Output#

File Test.txt was uploaded successfully

smb-directory-list#


Returns a list containing the names of the entries in the directory given by path.

Base Command#

smb-directory-list

Input#

Argument NameDescriptionRequired
pathThe path to the directory, starting from the share, for example: Share/Folder. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional

Context Output#

PathTypeDescription
SMB.Path.SharedFolderStringThe full path of the shared folder.
SMB.Path.FilesUnknownList of files under the shared folder.
SMB.Path.DirectoriesUnknownList of directories under the shared folder.

Command Example#

!smb-directory-list path=Shared

Context Example#

{
"SMB": {
"Path": {
"Directories": [
"Tests"
],
"Files": [
"123.txt",
"test.jpg"
],
"SharedFolder": "127.0.0.1/Shared"
}
}
}

Human Readable Output#

List Of Entries for 127.0.0.1/Shared#

DirectoriesFilesSharedFolder
Tests123.txt,
test.jpg
127.0.0.1/Shared

smb-file-remove#


Removes a file from the server.

Base Command#

smb-file-remove

Input#

Argument NameDescriptionRequired
file_pathThe path to the file, starting from the share, for example: Share/Folder/File. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional

Context Output#

There is no context output for this command.

Command Example#

!smb-file-remove file_path=Shared/Tests/Test.txt

Human Readable Output#

File Test.txt was deleted successfully

smb-directory-create#


Creates a new directory under the given path.

Base Command#

smb-directory-create

Input#

Argument NameDescriptionRequired
pathThe path to the directory, starting from the share, for example: Share/NewFolder. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional

Context Output#

There is no context output for this command.

Command Example#

!smb-directory-create path=Shared/Tests

Human Readable Output#

Directory: 127.0.0.1/Shared/Tests was created successfully

smb-directory-remove#


Removes a directory from the given path.

Base Command#

smb-directory-remove

Input#

Argument NameDescriptionRequired
pathThe path to the directory, starting from the share, for example: Share/NewFolder. This field is case-insensitive.Required
hostnameServer IP address / hostname. If empty, the hostname from the instance configuration is used.Optional
usernameThe username to use when creating a new SMB session. If empty, the username from the instance configuration is used.Optional
passwordThe password to use for authentication. If empty, the password from the instance configuration is used.Optional

Context Output#

There is no context output for this command.

Command Example#

!smb-directory-remove path=Shared/Tests

Human Readable Output#

Directory: 127.0.0.1/Shared/Tests was removed successfully