Search Endpoints By Hash - Carbon Black Protection

Hunts for endpoint activity involving hash IOCs, using Carbon Black Protection.

Dependencies#

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks#

This playbook does not use any sub-playbooks.

Integrations#

  • carbonblackprotection

Scripts#

  • CBPCatalogFindHash
  • Exists
  • CBPFindRule
  • Set

Commands#

  • cbp-computer-get

Playbook Inputs#


NameDescriptionDefault ValueSourceRequired
HashThe MD5 file Hash to hunt for.MD5FileOptional

Playbook Outputs#


PathDescriptionType
Endpoint.HostnameThe device hostname.string
EndpointThe endpoint.unknown

Playbook Image#


Search_Endpoints_By_Hash_Carbon_Black_Protection