MAR - Endpoint data collection

Collects data using McAfee Active Response, from an endpoint for IR purposes (requires ePO as well).

Input:

Hostname (Default: ${Endpoint.Hostname})

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

This playbook does not use any sub-playbooks.

Integrations

McAfee Active Response

Scripts

Exists
EPOFindSystem

Commands

mar-search-multiple

Playbook Inputs

Name	Description	Default Value	Required
Hostname	The hostname to run on.	${Endpoint.Hostname}	Optional

Playbook Outputs

There are no outputs for this playbook.

Playbook Image

MAR_Endpoint_data_collection

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

MAR - Endpoint data collection

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image

PAN-OS

Cortex Data Lake

Cortex XSOAR

PAN-OS

Cortex Data Lake

Cortex XSOAR

#Dependencies

#Sub-playbooks

#Integrations

#Scripts

#Commands

#Playbook Inputs

#Playbook Outputs

#Playbook Image

Dependencies

Sub-playbooks

Integrations

Scripts

Commands

Playbook Inputs

Playbook Outputs

Playbook Image