Get File Sample By Hash - Generic v3

This playbook returns a file sample correlating to a hash in the War Room using the following sub-playbooks:

  • Get binary file by MD5 hash from Carbon Black telemetry data - VMware Carbon Black EDR v2.
  • Get the threat (file) attached to a specific SHA256 hash - Cylance Protect v2.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Get File Sample By Hash - Cylance Protect v2
  • Get the binary file from Carbon Black by its MD5 hash
  • Code42 File Download

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
MD5The MD5 hash value for the file to retrieve.Optional
SHA256The SHA256 hash value for the file to retrieve.Optional
NewFilenameA new name for the retrieved file. If left empty, the filename will not change.Optional

Playbook Outputs#


PathDescriptionType
File.SizeThe size of the file.number
File.TypeThe type of the file.string
File.InfoGeneral information of the file.string
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.SHA512The SHA512 hash of the file.string
File.SSDeepThe SSDeep of the file.string
File.ExtensionThe file extension.string
File.EntryIDThe file entry ID.string
File.NameThe file name.string

Playbook Image#


Get File Sample By Hash - Generic v3