Block File - Carbon Black Response

Receives an MD5 hash and adds it to the blacklist in Carbon Black Enterprise Response. Files with that MD5 hash are blocked from execution on the managed endpoints.

If the integration is disabled at the time of running, or if the hash is already on the blacklist, no action is taken on the MD5.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

cb-get-hash-blacklist
cb-block-hash

Playbook Inputs

Name	Description	Default Value	Source	Required
MD5	The MD5 hash of the file you want to block.	MD5	File	Optional

Playbook Outputs

Path	Description	Type
CbResponse.BlockedHashes.LastBlock.Time	The last block time.	unknown
CbResponse.BlockedHashes.LastBlock.Hostname	The last block hostname.	unknown
CbResponse.BlockedHashes.LastBlock.CbSensorID	The last block sensor ID.	unknown

Playbook Image

Block_File_Carbon_Black_Response

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Block File - Carbon Black Response

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

Dependencies#

Sub-playbooks#

Integrations#

Scripts#

Commands#

Playbook Inputs#

Playbook Outputs#

Playbook Image#

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image