
Get host forensics - Generic

This Playbook is part of the Common Playbooks Pack.

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This playbook retrieves forensics from hosts for the following integrations:

  • Illusive Networks
  • Microsoft Defender For Endpoint


This playbook uses the following sub-playbooks, integrations, and scripts.


  • Illusive-Collect-Forensics-On-Demand
  • Microsoft Defender For Endpoint - Collect investigation package


This playbook does not use any integrations.




This playbook does not use any commands.

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| fqdn_or_ip | If using the Illusive Networks integration to retrieve additional forensics, provide the host fqdn_or_ip from which to get the forensics. | | Optional |
| start_date | Date_range must be "number date_range_unit", for example 2 hours, 4 minutes, 6 months, 1 day. | | Optional |
| end_date | Date_range must be "number date_range_unit", for example 2 hours, 4 minutes, 6 months, 1 day. | | Optional |
| machine_ID | The machine IDs of the systems you want to retrieve. | | Optional |

Playbook Outputs

There are no outputs for this playbook.
