Skip to main content

Retrieve File from Endpoint - Generic V2

This playbook retrieves a file sample from an endpoint using the following playbooks:

  • Get File Sample From Path - Generic v2.
  • Get File Sample By Hash - Generic v3.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

  • Get File Sample By Hash - Generic v3
  • Get File Sample From Path - Generic V2

Integrations#

This playbook does not use any integrations.

Scripts#

This playbook does not use any scripts.

Commands#

This playbook does not use any commands.

Playbook Inputs#


NameDescriptionDefault ValueRequired
MD5The MD5 hash value for the file to retrieve.Optional
SHA256The SHA256 hash value for the file to retrieve.Optional
HostnameHostname of the machine on which the file is located.Optional
PathThe path of the file to retrieve.
For example:
C:\users\folder\file.txt.
Optional
UseD2Determines whether a D2 agent will be used to retrieve the file.
Options:
no (default)
yes
noOptional
Agent_IDThe ID of the agent in the relevant integration (such as EDR).Optional

Playbook Outputs#


PathDescriptionType
File.SizeThe size of the file.number
File.TypeThe type of the file.string
File.InfoGeneral information of the file.string
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.SHA512The SHA512 hash of the file.string
File.EntryIDFile entry ID.string
File.ExtensionThe file extension.string
File.NameThe file name.string
File.SSDeepThe file SSDeep.string

Playbook Image#


Retrieve File from Endpoint - Generic V2