Common Playbooks Pack.#This Playbook is part of the
Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook retrieves forensics from hosts for the following integrations:
- Illusive Networks
- Microsoft Defender For Endpoint.
This playbook uses the following sub-playbooks, integrations, and scripts.
- Microsoft Defender For Endpoint - Collect investigation package
This playbook does not use any integrations.
This playbook does not use any commands.
|If using the Illusive Networks integration to retrieve additional forensics, provide the host fqdn_or_ip from which to get the forensics.
|Date_range must be "number date_range_unit", for example 2 hours, 4 minutes, 6 months, 1 day.
|Date_range must be "number date_range_unit" for example 2 hours, 4 minutes, 6 months, 1 day.
|Provide the machine IDs of the systems you want to retrieve.
|An object containing the machine action details.
|Microsoft Defender For Endpoint machine action details.
|An object containing evidence from Illusive Networks.
|The forensics evidence details.
|The event ID.
|The forensics evidence ID.
|The evidence source.
|Whether the forensics evidence has been starred.
|Date and time of the forensics evidence.
|The forensics evidence description.
|Ab object containing the Incident ID in Illusive Networks.
|The incident ID.