Skip to main content

Acquire And Analyze Host Forensics

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This playbook enables gathering forensic data from a host and analyzing the acquired data by using the relevant forensics automations.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Forensics Tools Analysis
  • PS-Remote Acquire Host Forensics

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
HostA single hostname or IP address from which to acquire the forensic data. For example, testpc01.Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


Acquire And Analyze Host Forensics