Anomali Enterprise Forensic Search

This playbook is part of the Anomali Enterprise Pack.

Initiates a Forensic Search on IOCs in Anomali Match.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • Anomali Match

Scripts

This playbook does not use any scripts.

Commands

  • anomali-enterprise-retro-forensic-search-results
  • anomali-enterprise-retro-forensic-search

Playbook Inputs


| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| from | First appearance time range (e.g., 1 hour, 30 minutes). | | Required |
| to | Last appearance time range (e.g., 1 hour, 30 minutes). Default is now. | | Optional |
| indicators | Indicators to search. | | Required |

Playbook Outputs


| Path | Description | Type |
| --- | --- | --- |
| AnomaliEnterprise.ForensicSearch.job_id | Job ID of the search. | string |
| AnomaliEnterprise.ForensicSearch.status | Status of the search. | string |
| AnomaliEnterprise.ForensicSearch.scannedEvents | Number of scanned events. | number |
| AnomaliEnterprise.ForensicSearch.processedFiles | Number of processed files. | number |
| AnomaliEnterprise.ForensicSearch.result_file_name | Matched file name. | string |
| AnomaliEnterprise.ForensicSearch.totalMatches | Number of total matches. | number |
| AnomaliEnterprise.ForensicSearch.complete | Whether the search was complete. | boolean |
| AnomaliEnterprise.ForensicSearch.category | Search category. | string |
| AnomaliEnterprise.ForensicSearch.streamResults | Stream results for the search. | unknown |
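The flow this playbook wires together (start the retro search with the inputs above, poll with GenericPolling until `complete` is true, and land the result under the output paths above), modelled as an added Python example that is not the pack's own code. It assumes the two commands take `from`/`to`/`indicators` and `job_id` as arguments, and it uses a constructed stand-in for the Anomali Match integration so it runs offline.

```python
from typing import Any, Callable, Dict

START_CMD = "anomali-enterprise-retro-forensic-search"
RESULTS_CMD = "anomali-enterprise-retro-forensic-search-results"
CONTEXT_PREFIX = "AnomaliEnterprise.ForensicSearch"


class FakeAnomaliMatch:
    """Constructed stand-in for the Anomali Match integration (assumption: the
    real commands take from/to/indicators and job_id). One search job reports
    'running' for a few polls, then returns a completed result."""

    def __init__(self, polls_until_done: int = 2) -> None:
        self.remaining = polls_until_done
        self.jobs: Dict[str, Dict[str, Any]] = {}

    def __call__(self, command: str, args: Dict[str, Any]) -> Dict[str, Any]:
        if command == START_CMD:
            for key in ("from", "indicators"):  # the playbook's required inputs
                if not args.get(key):
                    raise ValueError(f"missing required argument: {key}")
            job = {"job_id": "job-0001", "status": "running", "complete": False,
                   "category": "retro", "indicators": args["indicators"]}
            self.jobs[job["job_id"]] = job
            return dict(job)
        if command == RESULTS_CMD:
            job = self.jobs[args["job_id"]]
            if self.remaining > 0:  # still scanning
                self.remaining -= 1
            else:  # sample final result; all values constructed
                job.update(status="completed", complete=True, scannedEvents=12000,
                           processedFiles=3, totalMatches=2,
                           result_file_name="match_0001.csv", streamResults=None)
            return dict(job)
        raise ValueError(f"unknown command: {command}")


def run_forensic_search(execute: Callable[[str, Dict[str, Any]], Dict[str, Any]],
                        indicators: str, time_from: str, time_to: str = "now",
                        max_polls: int = 10) -> Dict[str, Any]:
    """The playbook in miniature: start the search, poll (as GenericPolling would)
    until `complete` is true or the poll budget runs out, then map the final
    fields onto the playbook's output context paths."""
    result = execute(START_CMD, {"from": time_from, "to": time_to, "indicators": indicators})
    for _ in range(max_polls):
        if result.get("complete"):
            break
        result = execute(RESULTS_CMD, {"job_id": result["job_id"]})
    if not result.get("complete"):
        raise TimeoutError(f"search {result['job_id']} still {result['status']} after {max_polls} polls")
    return {f"{CONTEXT_PREFIX}.{k}": v for k, v in result.items() if k != "indicators"}
```

The poll budget matters in practice: a search that never completes should fail the playbook visibly rather than spin forever, which is why the loop raises instead of returning a partial context.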