MDE - Retrieve File
This Playbook is part of the Microsoft Defender for Endpoint Pack.
Supported versions
Supported Cortex XSOAR versions: 6.5.0 and later.
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook uses the Live Response feature to retrieve a file from an endpoint.
Note that the endpoint ID will be set from the incident field "Device ID".
Dependencies
This playbook uses the following sub-playbooks, integrations, and scripts.
Sub-playbooks
This playbook does not use any sub-playbooks.
Integrations
- MicrosoftDefenderAdvancedThreatProtection
Scripts
- UnzipFile
- isError
- DeleteContext
Commands
- microsoft-atp-live-response-get-file
Playbook Inputs
Name | Description | Default Value | Required |
---|---|---|---|
paths | The file paths to be provided. | | Optional |
Playbook Outputs
There are no outputs for this playbook.