Block File - Generic v2

This playbook is used to block files from running on endpoints. This playbook supports the following integrations:

  • Palo Alto Networks Traps
  • Palo Alto Networks Cortex XDR
  • Cybereason
  • Carbon Black Enterprise Response
  • Cylance Protect v2

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Cortex XDR - Block File
  • Block File - Cylance Protect v2
  • Block File - Carbon Black Response
  • Traps Quarantine Event
  • Traps Blacklist File
  • Block File - Cybereason

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| MD5 | The MD5 hash of the file you want to block. | File.MD5 | Optional |
| SHA256 | The SHA256 hash of the file you want to block. | File.SHA256 | Optional |
| EventId | Traps event ID that contains the malicious file to block. | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| CbResponse.BlockedHashes.LastBlock.Time | Last block time | unknown |
| CbResponse.BlockedHashes.LastBlock.Hostname | Last block hostname | unknown |
| CbResponse.BlockedHashes.LastBlock.CbSensorID | Last block sensor ID | unknown |
