This Playbook is part of the Windows Forensics Pack.
Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook allows the user to analyze forensic evidence acquired from a host, such as registry files, memory dump files, and PCAP files.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Registry Parse Data Analysis
- PCAP Search
This playbook does not use any integrations.
This playbook does not use any scripts.
This playbook does not use any commands.
| Name | Description | Required |
| --- | --- | --- |
| PcapEntryID | The entry ID for the PCAP file to analyze. | Optional |
| RegistryEntryId | The entry ID for the registry file to analyze. | Optional |
There are no outputs for this playbook.