Skip to main content

Block File - Generic v2

This Playbook is part of the Common Playbooks Pack.#

This playbook is used to block files from running on endpoints. This playbook supports the following integrations:

  • Palo Alto Networks Traps
  • Palo Alto Networks Cortex XDR
  • Cybereason
  • Carbon Black Enterprise Response
  • Cylance Protect v2
  • Crowdstrike Falcon
  • Microsoft Defender for Endpoint.


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Cortex XDR - Block File
  • Block File - Carbon Black Response
  • MDE - Block File
  • Block File - Cylance Protect v2
  • Block File - Cybereason
  • CrowdStrike Falcon - Block File


This playbook does not use any integrations.


This playbook does not use any scripts.


This playbook does not use any commands.

Playbook Inputs#

NameDescriptionDefault ValueRequired
MD5The MD5 hash of the file you want to block.File.MD5Optional
SHA256The SHA256 hash of the file you want to block.File.SHA256Optional
HashIn this input you can insert either MD5 or SHA256 that you wish to block.Optional

Playbook Outputs#

CbResponse.BlockedHashes.LastBlock.TimeLast block time.unknown
CbResponse.BlockedHashes.LastBlock.HostnameLast block hostname.unknown
CbResponse.BlockedHashes.LastBlock.CbSensorIDLast block sensor ID.unknown

Playbook Image#

Block File - Generic v2