Skip to main content

MAR - Endpoint data collection

This Playbook is part of the McAfee Active Response Pack.#

Use McAfee Active Response to collect data from an endpoint for IR purposes (requires ePO as well).

Input:

  • Hostname (Default: ${Endpoint.Hostname})

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • McAfee ePO v2
  • McAfee Active Response

Scripts#

  • Exists

Commands#

  • mar-search-multiple
  • epo-find-system

Playbook Inputs#


NameDescriptionDefault ValueRequired
HostnameHostname to run on.Endpoint.HostnameOptional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


MAR - Endpoint data collection