Skip to main content

File Enrichment - Generic

This Playbook is part of the Deprecated Content (Deprecated) Pack.#


Use "File Enrichment - Generic v2" playbook instead.

DEPRECATED. Use "File Enrichment - Generic v2" playbook instead. Enriches a file using one or more integrations.

File enrichment includes:

  • File history
  • Threat information
  • File reputation


This playbook uses the following sub-playbooks, integrations, and scripts.


  • File Enrichment - File reputation
  • File Enrichment - Virus Total private API


  • Cylance Protect v2


This playbook does not use any scripts.


  • cylance-protect-get-threat

Playbook Inputs#

NameDescriptionDefault ValueSourceRequired
MD5The MD5 hash to enrich.MD5FileOptional
SHA256The SHA256 hash to enrich.SHA256FileOptional
SHA1The SHA1 hash to enrich.SHA1FileOptional

Playbook Outputs#

DBotScore.IndicatorThe tested indicator.string
DBotScore.TypeThe type of the indicator.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.Malicious.VendorThe vendor that made the decision that the file is malicious.string
File.MD5The MD5 hash of the file.string
DBotScoreThe DBotScore's object.unknown
FileThe file's object.unknown
DBotScore.VendorThe vendor used to calculate the score.string
DBotScore.ScoreThe actual score.number
File.VirusTotal.ScansThe scan object.unknown
File.VirusTotal.Scans.SourceThe scan vendor for this hash.unknown
File.VirusTotal.Scans.DetectedThe scan detection for this hash. Can be, "True" or "False".unknown
File.VirusTotal.Scans.ResultThe scan result for this hash. For example, signature, etc.unknown

Playbook Image#