Supported Cortex XSOAR versions: 6.10.0 and later.
This playbook searches for files via Code42 security events by either MD5 or SHA256 hash. The data is output to the Code42.FileEvents context for use.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
This playbook does not use any scripts.

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| MD5 | MD5 hash to search for | File.MD5 | Optional |
| SHA256 | SHA256 hash to search for | File.SHA256 | Optional |


| Path | Description | Type |
| --- | --- | --- |
| Code42.FileEvents | Returned File Results | unknown |
| Code42.FileEvents.timestamp | The timestamp when the event occurred. | date |
| Code42.FileEvents.event | Summary information about the event, including date observed, event type, and event source. | unknown |
| Code42.FileEvents.user | Details about the user associated with the event (if any). | unknown |
| Code42.FileEvents.destination | Details about the destination target of the event (if any). | unknown |
| Code42.FileEvents.process | Details about the CPU process involved in the event (if any). | unknown |
| Code42.FileEvents.risk | Details overall risk severity for the event and lists all associated risk indicators. | unknown |
| Code42.FileEvents.git | Details about the git repository involved in the event (if any). | unknown |
| Code42.FileEvents.report | Details about Salesforce reports involved in the event (if any). | unknown |
| Code42.FileEvents.file | Details about file metadata for the file involved in the event (if any). | unknown |
| Code42.FileEvents.source | Info about the origin of a file involved in the event (if any). | unknown |