Skip to main content

Block File - Carbon Black Response

This Playbook is part of the Carbon Black Enterprise Response Pack.#

Receives an MD5 hash and adds it to the block list in Carbon Black Enterprise Response. Files with that MD5 hash are blocked from execution on the managed endpoints.

If the integration is disabled at the time of running, or if the hash is already on the block list, no action is taken on the MD5.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

  • cb-get-hash-blacklist
  • cb-block-hash

Playbook Inputs#


NameDescriptionDefault ValueSourceRequired
MD5The MD5 hash of the file you want to block.MD5FileOptional

Playbook Outputs#


PathDescriptionType
CbResponse.BlockedHashes.LastBlock.TimeThe last block time.unknown
CbResponse.BlockedHashes.LastBlock.HostnameThe last block hostname.unknown
CbResponse.BlockedHashes.LastBlock.CbSensorIDThe last block sensor ID.unknown

Playbook Image#


Block_File_Carbon_Black_Response