MDE - Retrieve File
Microsoft Defender for Endpoint Pack.#
This Playbook is part of theSupported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook uses the Live Response feature to retrieve a file from an endpoint.
Note that the endpoint id will be set from the incident field "Device ID".
#
DependenciesThis playbook uses the following sub-playbooks, integrations, and scripts.
#
Sub-playbooksThis playbook does not use any sub-playbooks.
#
IntegrationsMicrosoftDefenderAdvancedThreatProtection
#
Scripts- isError
- UnzipFile
#
Commandsmicrosoft-atp-live-response-get-file
#
Playbook InputsName | Description | Default Value | Required |
---|---|---|---|
paths | File paths to be provided. | Optional |
#
Playbook OutputsThere are no outputs for this playbook.