Get endpoint details - Generic

Supported versions

Supported Cortex XSOAR versions: 5.5.0 and later.

This playbook uses the generic command !endpoint to retrieve details on a specific endpoint. This command currently supports the following integrations:

  • Palo Alto Networks Cortex XDR - Investigation and Response.
  • CrowdStrike Falcon.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

This playbook does not use any integrations.

Scripts

Set

Commands

endpoint

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| Endpoint_id | The ID of the endpoint that you want to get details about. | | Optional |
| Endpoint_ip | The IP of the endpoint that you want to get details about. | | Optional |
| Endpoint_hostname | The hostname of the endpoint that you want to get details about. | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| Endpoint.Hostname | The endpoint's hostname. | string |
| Endpoint.OS | The endpoint's operating system. | string |
| Endpoint.IPAddress | The endpoint's IP address. | string |
| Endpoint.ID | The endpoint's ID. | string |
| Endpoint.Status | The endpoint's status. | string |
| Endpoint.IsIsolated | Endpoint isolation status. | string |
| Endpoint.MACAddress | Endpoint MAC Address. | string |
| Endpoint.Vendor | The integration name of the endpoint vendor. | string |
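
Because the generic command can be answered by more than one integration, the Endpoint outputs may contain one entry per vendor for the same host. The following is an added example, not part of the playbook or its content pack, showing one way a downstream script could reconcile those entries and surface fields the vendors disagree on (for instance, isolation status). The function names, the sample records, the vendor strings, and the "Yes"/"No" values for IsIsolated are assumptions; the page only states that each field is a string.

```python
from collections import defaultdict

# Constructed sample of Endpoint entries as two integrations might return them.
# Field names follow the outputs table; every value here is made up, and the
# "Yes"/"No" strings for IsIsolated are an assumption.
SAMPLE_ENDPOINTS = [
    {"Hostname": "WS-001", "ID": "a1", "IPAddress": "10.0.0.5",
     "Status": "Online", "IsIsolated": "No",
     "MACAddress": "00:11:22:33:44:55", "Vendor": "Cortex XDR"},
    {"Hostname": "ws-001", "ID": "f9", "IPAddress": "10.0.0.5",
     "Status": "Online", "IsIsolated": "Yes",
     "MACAddress": "00-11-22-33-44-55", "Vendor": "CrowdStrike Falcon"},
    {"Hostname": "SRV-DB", "ID": "b2", "IPAddress": "10.0.1.9",
     "Status": "Offline", "IsIsolated": "No",
     "MACAddress": "66:77:88:99:aa:bb", "Vendor": "Cortex XDR"},
]

# Fields where a disagreement between vendors deserves an analyst's attention.
COMPARED_FIELDS = ("IsIsolated", "Status", "IPAddress")


def correlation_key(ep):
    """Normalized MAC address if present, otherwise the lowercase hostname."""
    mac = (ep.get("MACAddress") or "").lower().replace("-", ":")
    return mac or (ep.get("Hostname") or "").lower()


def reconcile(endpoints):
    """Group per-vendor entries by host and report fields the vendors disagree on."""
    groups = defaultdict(list)
    for ep in endpoints:
        key = correlation_key(ep)
        if key:  # entries with neither MAC nor hostname cannot be correlated
            groups[key].append(ep)

    report = {}
    for key, eps in groups.items():
        conflicts = {}
        for field in COMPARED_FIELDS:
            by_vendor = {ep.get("Vendor", "unknown"): ep.get(field) for ep in eps}
            if len(set(by_vendor.values())) > 1:
                conflicts[field] = by_vendor
        report[key] = {
            "vendors": sorted({ep.get("Vendor", "unknown") for ep in eps}),
            "conflicts": conflicts,
        }
    return report
```

A non-empty `conflicts` entry for `IsIsolated` means one integration reports the host as contained while another does not, which is worth checking before treating the host as isolated.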

Playbook Image

[Image: Get endpoint details - Generic]