Code42 File Search
This playbook searches for files via Code42 security events by either MD5 or SHA256 hash. The data is output to the Code42.SecurityData context for use.
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
This playbook does not use any sub-playbooks.
Integrations
This playbook does not use any integrations.
Scripts
This playbook does not use any scripts.
Commands
- code42-securitydata-search
Playbook Inputs
Name | Description | Default Value | Required |
---|---|---|---|
MD5 | MD5 hash to search for | File.MD5 | Optional |
SHA256 | SHA256 hash to search for | File.SHA256 | Optional |
Playbook Outputs
Path | Description | Type |
---|---|---|
Code42.SecurityData | Returned File Results | unknown |
Code42.SecurityData.EventTimestamp | Timestamp for event | unknown |
Code42.SecurityData.FileCreated | File creation date | unknown |
Code42.SecurityData.EndpointID | Code42 device ID | unknown |
Code42.SecurityData.DeviceUsername | Username that device is associated with in Code42 | unknown |
Code42.SecurityData.EmailFrom | Sender email address for email exfiltration events | unknown |
Code42.SecurityData.EmailTo | Recipient email address for email exfiltration events | unknown |
Code42.SecurityData.EmailSubject | Email subject line for email exfiltration events | unknown |
Code42.SecurityData.EventID | Security Data event ID | unknown |
Code42.SecurityData.EventType | Type of Security Data event | unknown |
Code42.SecurityData.FileCategory | Type of file as determined by Code42 engine | unknown |
Code42.SecurityData.FileOwner | Owner of file | unknown |
Code42.SecurityData.FileName | File name | unknown |
Code42.SecurityData.FilePath | Path to file | unknown |
Code42.SecurityData.FileSize | Size of file in bytes | unknown |
Code42.SecurityData.FileModified | File modification date | unknown |
Code42.SecurityData.FileMD5 | MD5 hash of file | unknown |
Code42.SecurityData.FileHostname | Hostname where file event was captured | unknown |
Code42.SecurityData.DevicePrivateIPAddress | Private IP addresses of device where event was captured | unknown |
Code42.SecurityData.DevicePublicIPAddress | Public IP address of device where event was captured | unknown |
Code42.SecurityData.RemovableMediaType | Type of removable media | unknown |
Code42.SecurityData.RemovableMediaCapacity | Total capacity of removable media in bytes | unknown |
Code42.SecurityData.RemovableMediaMediaName | Full name of removable media | unknown |
Code42.SecurityData.RemovableMediaName | Name of removable media | unknown |
Code42.SecurityData.RemovableMediaSerialNumber | Serial number for removable medial device | unknown |
Code42.SecurityData.RemovableMediaVendor | Vendor name for removable device | unknown |
Code42.SecurityData.FileSHA256 | SHA256 hash of file | unknown |
Code42.SecurityData.FileShared | Whether file is shared using cloud file service | unknown |
Code42.SecurityData.FileSharedWith | Accounts that file is shared with on cloud file service | unknown |
Code42.SecurityData.Source | Source of file event, Cloud or Endpoint | unknown |
Code42.SecurityData.ApplicationTabURL | URL associated with application read event | unknown |
Code42.SecurityData.ProcessName | Process name for application read event | unknown |
Code42.SecurityData.ProcessOwner | Process owner for application read event | unknown |
Code42.SecurityData.WindowTitle | Process name for application read event | unknown |
Code42.SecurityData.FileURL | URL of file on cloud file service | unknown |
Code42.SecurityData.Exposure | Exposure type for event | unknown |
Code42.SecurityData.SharingTypeAdded | Type of sharing added to file | unknown |
File | The file object. | unknown |
File.Name | File name | unknown |
File.Path | File path | unknown |
File.Size | File size in bytes | unknown |
File.MD5 | MD5 hash of file | unknown |
File.SHA256 | SHA256 hash of file | unknown |
File.Hostname | Hostname where file event was captured | unknown |