Retrieve File from Endpoint - Generic V2

This playbook retrieves a file sample from an endpoint using the following playbooks:

  • Get File Sample From Path - Generic v2.
  • Get File Sample By Hash - Generic v3.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • Get File Sample By Hash - Generic v3
  • Get File Sample From Path - Generic V2

Integrations

This playbook does not use any integrations.

Scripts

This playbook does not use any scripts.

Commands

This playbook does not use any commands.

Playbook Inputs


NameDescriptionDefault ValueRequired
MD5The MD5 hash value for the file to retrieve.Optional
SHA256The SHA256 hash value for the file to retrieve.Optional
HostnameHostname of the machine on which the file is located.Optional
PathThe path of the file to retrieve.
For example:
C:\users\folder\file.txt.
Optional
UseD2Determines whether a D2 agent will be used to retrieve the file.
Options:
no (default)
yes
noOptional
Agent_IDThe ID of the agent in the relevant integration (such as EDR).Optional

Playbook Outputs


PathDescriptionType
File.SizeThe size of the file.number
File.TypeThe type of the file.string
File.InfoGeneral information of the file.string
File.MD5The MD5 hash of the file.string
File.SHA1The SHA1 hash of the file.string
File.SHA256The SHA256 hash of the file.string
File.SHA512The SHA512 hash of the file.string
File.EntryIDFile entry ID.string
File.ExtensionThe file extension.string
File.NameThe file name.string
File.SSDeepThe file SSDeep.string

Playbook Image


Retrieve File from Endpoint - Generic V2