Get File Sample By Hash - Generic v3

This playbook returns a file sample correlating to a hash in the War Room using the following sub-playbooks:

  • Get binary file by MD5 hash from Carbon Black telemetry data - VMware Carbon Black EDR v2.
  • Get the threat (file) attached to a specific SHA256 hash - Cylance Protect v2.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Get the binary file from Carbon Black by its MD5 hash
  • Get File Sample By Hash - Cylance Protect v2

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueRequired
MD5The MD5 hash value for the file to retrieve.Optional
SHA256The SHA256 hash value for the file to retrieve.Optional

Playbook Outputs


PathDescriptionType
File.SizeThe size of the file.number
File.TypeThe type of the file.string
File.InfoGeneral information of the file.string
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.SHA512The SHA512 hash of the file.string
File.SSDeepThe SSDeep of the file.string
File.ExtensionThe file extension.string
File.EntryIDThe file entry ID.string
File.NameThe file name.string

Playbook Image


Get File Sample By Hash - Generic v3