MDE - Host Advanced Hunting
Microsoft Defender for Endpoint Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook uses the Microsoft Defender For Endpoint Advanced Hunting feature. The hunt is executed based on the provided inputs.
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooks- MDE - Host Advanced Hunting For Network Activity
- MDE - Host Advanced Hunting For Powershell Executions
- MDE - Host Advanced Hunting For Persistence
#
IntegrationsMicrosoftDefenderAdvancedThreatProtection
#
ScriptsThis playbook does not use any scripts.
#
Commands- microsoft-atp-advanced-hunting-privilege-escalation
- setIncident
- microsoft-atp-advanced-hunting-tampering
- microsoft-atp-advanced-hunting-lateral-movement-evidence
- microsoft-atp-get-file-info
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
FileSha1 | A comma-separated list of file SHA1 hashes to hunt. | Optional | |
FileSha256 | A comma-separated list of file Sha256 hashes to hunt. | Optional | |
IP | A comma-separated list of IPs to hunt. | Optional | |
DeviceName | A comma-separated list of host names to hunt. | Optional | |
FileName | A comma-separated list of file names to hunt. | Optional | |
DeviceID | A comma-separated list of device ID to hunt. | Optional | |
FileMd5 | A comma-separated list of file MD5 hashes to hunt. | Optional |
#
Playbook OutputsThere are no outputs for this playbook.