Skip to main content

MDE - Retrieve File

This Playbook is part of the Microsoft Defender for Endpoint Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.5.0 and later.

This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook uses the Live Response feature to retrieve a file from an endpoint./nNote that the endpoint id will be set from the incident field "Device ID".

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • MicrosoftDefenderAdvancedThreatProtection

Scripts#

  • UnzipFile
  • isError
  • DeleteContext

Commands#

  • microsoft-atp-live-response-get-file

Playbook Inputs#


NameDescriptionDefault ValueRequired
pathsThe file paths to be provided.Optional

Playbook Outputs#


There are no outputs for this playbook.

Playbook Image#


MDE - Retrieve File