Endpoint Enrichment - Generic v2
This Playbook is part of the Deprecated Content (Deprecated) Pack.#
Deprecated
Use "Endpoint Enrichment - Generic v2.1" playbook instead.
DEPRECATED. Use "Endpoint Enrichment - Generic v2.1" playbook instead. Enriches an endpoint by hostname using one or more integrations.
Currently, the following integrations are supported:
- Active Directory
- McAfee ePolicy Orchestrator
- Carbon Black Enterprise Response
- Cylance Protect
- CrowdStrike Falcon Host
Dependencies#
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks#
- CrowdStrike Endpoint Enrichment
Integrations#
- Cylance Protect
- epo
- carbonblack
Scripts#
- ADGetComputer
- Exists
Commands#
- cb-sensor-info
- epo-find-system
- cylance-protect-get-devices
Playbook Inputs#
| Name | Description | Default Value | Source | Required |
|---|---|---|---|---|
| Hostname | The hostname of the endpoint to enrich. | Hostname | Endpoint | Optional |
Playbook Outputs#
| Path | Description | Type |
|---|---|---|
| Endpoint | The endpoint object of the endpoint that was enriched. | unknown |
| Endpoint.Hostname | The hostnames of the endpoints that were enriched. | string |
| Endpoint.OS | The operating systems running on the endpoints that were enriched. | string |
| Endpoint.IP | A list of the IP addresses of the endpoints. | unknown |
| Endpoint.MAC | A list of the MAC addresses of the endpoints that were enriched. | unknown |
| Endpoint.Domain | The domain names of the endpoints that were enriched. | string |
Playbook Image#
