File Enrichment - Generic v2

This Playbook is part of the Common Playbooks Pack.

Enrich a file using one or more integrations.

  • Provide threat information

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • File Enrichment - Virus Total (API v3)

Integrations

  • Cylance Protect v2

Scripts

This playbook does not use any scripts.

Commands

  • file
  • cylance-protect-get-threat

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| MD5 | File MD5 hash to enrich. | File.MD5 | Optional |
| SHA256 | The file SHA256 hash to enrich. | File.SHA256 | Optional |
| SHA1 | The file SHA1 hash to enrich. | File.SHA1 | Optional |
| UseReputationCommand | Define if you would like to use the !file command. Note: This input should be used whenever there is no auto-extract enabled in the investigation flow. Possible values: True / False. | False | Required |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| DBotScore.Indicator | The indicator that was tested. | string |
| DBotScore.Type | The indicator type. | string |
| File.SHA1 | SHA1 hash of the file. | string |
| File.SHA256 | SHA256 hash of the file. | string |
| File.Malicious.Vendor | For malicious files, the vendor that made the decision. | string |
| File.MD5 | MD5 hash of the file. | string |
| DBotScore | The DBotScore object. | unknown |
| File | The file object. | unknown |
| DBotScore.Vendor | Vendor used to calculate the score. | string |
| DBotScore.Score | The actual score. | number |
| File.VirusTotal.Scans | The scan object. | unknown |
| File.VirusTotal.Scans.Source | Vendor that scanned this hash. | unknown |
| File.VirusTotal.Scans.Detected | Whether a scan was detected for this hash (True/False). | unknown |
| File.VirusTotal.Scans.Result | Scan result for this hash - signature, etc. | unknown |
