Block File - Carbon Black Response
Carbon Black Enterprise Response Pack.#
This Playbook is part of theReceives an MD5 hash and adds it to the block list in Carbon Black Enterprise Response. Files with that MD5 hash are blocked from execution on the managed endpoints.
If the integration is disabled at the time of running, or if the hash is already on the block list, no action is taken on the MD5.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
IntegrationsThis playbook does not use any integrations.
#
ScriptsThis playbook does not use any scripts.
#
Commands- cb-get-hash-blacklist
- cb-block-hash
#
Playbook InputsName | Description | Default Value | Source | Required |
---|---|---|---|---|
MD5 | The MD5 hash of the file you want to block. | MD5 | File | Optional |
#
Playbook OutputsPath | Description | Type |
---|---|---|
CbResponse.BlockedHashes.LastBlock.Time | The last block time. | unknown |
CbResponse.BlockedHashes.LastBlock.Hostname | The last block hostname. | unknown |
CbResponse.BlockedHashes.LastBlock.CbSensorID | The last block sensor ID. | unknown |