Skip to main content

Registry Parse Data Analysis

Supported versions

Supported Cortex XSOAR versions: 6.0.0 and later.

This playbook leverages the RegistryParse automation to perform registry analysis and extract forensic artifacts. The automation includes common registry objects to extract which are useful for analyzing registry, or a user provided registry path to parse.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

This playbook does not use any integrations.

Scripts#

  • RegistryParse

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
RegistryFileEntryIDThe entry ID for the registry file to parse.Optional
RegistryDataThe data to parse out of the registry and output to context, including
Users
LastLoggedOnUser
MachineRunOnce
MachineStartup
Timezone
USB
"All" selects all the options and any default options
Optional
CustomRegistryPathsCustom registry path to parse.Optional

Playbook Outputs#


PathDescriptionType
RegistryForensicDataThe data parsed from registry.string

Playbook Image#


Registry Data Analysis