Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the ‘Malware Investigation And Response’ pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook uses the Live Response feature to retrieve a file from an endpoint. The playbook accepts a machine ID as an input; if none is supplied, it uses the Device ID incident field. The playbook can retrieve only one element per task (if more than one is needed, use the playbook loop feature).
This playbook uses the following sub-playbooks, integrations, and scripts.
This playbook does not use any sub-playbooks.
|The file paths to be provided.
|The ID of the machine.
|A list of file names that were extracted from the ZIP file.
|The machine action status.