
Get File Sample - Generic

This playbook is part of the Common Playbooks Pack.

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

Retrieve files from endpoints by the file hash or the file path.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Get File Sample From Path - Generic V3
  • Unzip File
  • Get File Sample By Hash - Generic v3

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| MD5 | The MD5 hash of the file to retrieve. | File.MD5 | Optional |
| SHA256 | The SHA256 hash of the file to retrieve. | File.SHA256 | Optional |
| Hostname | The hostname from which to retrieve the file. | Endpoint.Hostname | Optional |
| AgentID | The agent ID that should be used to retrieve the file. | incident.agentid | Optional |
| FilePath | The full path to the file that needs to be retrieved. | incident.filepath | Optional |
| NewFilename | Optional. A new name for the retrieved file. If left empty, the filename will not change. | | Optional |
| UnzipFile | Whether to unzip zipped files after retrieving them. | | Optional |
| ZipTool | The tool used to unzip the file. The options are: 7z, zipfile. | | Optional |
| ZipPassword | The password used to unzip zipped files. | | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| File | File objects. Includes the zipped file and any unzipped files. | unknown |
| File.Size | The size of the file. | number |
| File.Type | The type of the file. | string |
| File.Info | General information about the file. | string |
| File.MD5 | The MD5 hash of the file. | string |
| File.SHA1 | The SHA1 hash of the file. | string |
| File.SHA256 | The SHA256 hash of the file. | string |
| File.SHA512 | The SHA512 hash of the file. | string |
| File.SSDeep | The SSDeep of the file. | string |
| File.Extension | The file extension. | string |
| File.EntryID | The file entry ID. | string |
| File.Name | The file name. | string |
| ExtractedFiles | Files that were unzipped. | unknown |
