CrowdStrike Falcon Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook retrieves and unzips files from CrowdStrike Falcon and returns a list of the files that were and were not retrieved.
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
|HostId||The ID of the host to use.||Optional|
|PathsToGet||The paths to retrieve the files from the host.||Optional|
|ZipPassword||The default password to unzip files retrieved by CrowdStrike Falcon.||infected||Optional|
|FileNames||The names of the file to retrieve. Used to validate that all the intended files were retrieved, not to specify which ones will be retrieved.||Optional|
|ExtractedFiles||A list of file names that were extracted from the ZIP file.||string|
|NonRetrievedFiles||A list of file names that were not retrieved.||string|