CBLiveGetFile_V2
This Script is part of the Carbon Black Enterprise Response Pack.#
This automation translate endpoint (hostname/IP) to sensor id, Than it downloads given file paths by opening session and closing it.
Script Data#
| Name | Description |
|---|---|
| Script Type | python3 |
| Tags | carbon-black, endpoint |
| Cortex XSOAR Version | 4.1.0 |
Inputs#
| Argument Name | Description |
|---|---|
| endpoint | hostname of a Carbon Black sensor (Could be IP). |
| path | Comma seprated files path to download from the endpoint.. |
| timeout | Session timeout (ms). |
Outputs#
| Path | Description | Type |
|---|---|---|
| CbLiveResponse.Commands.CbCommandID | Unique command identifier. | Number |
| CbLiveResponse.Commands.CommandName | The command name. | String |
| CbLiveResponse.Commands.Status | The command Status ('pending', 'in progress', 'complete', 'error', 'canceled'). | String |
| CbLiveResponse.Commands.CommandCompletionTime | The command completion time (0 if not complete). | String |
| CbLiveResponse.Commands.OperandObject | The source path of the file. | String |
| CbLiveResponse.Commands.FileID | Unique file ID. | Number |
| CbLiveResponse.File.Size | File size. | String |
| CbLiveResponse.File.SHA1 | File SHA1. | String |
| CbLiveResponse.File.SHA256 | File SHA256. | String |
| CbLiveResponse.File.Name | File name. | String |
| CbLiveResponse.File.SSDeep | File SSDeep. | String |
| CbLiveResponse.File.EntryID | File EntryID. | Number |
| CbLiveResponse.File.Info | File info. | String |
| CbLiveResponse.File.Type | File type. | String |
| CbLiveResponse.File.MD5 | File MD5. | String |
| CbLiveResponse.File.Extension | File extension. | String |
Command Example#
!CBLiveGetFile_v2 endpoint=EC2AMAZ-L4C2OKC path="c:\\Users\\All Users\\Desktop\\mooncake.jpg" timeout=2000
Context Example#
Human Readable Output#
Files downloaded from endpoint EC2AMAZ-L4C2OKC#
File ID File Path 1 "c:\Users\All Users\Desktop\mooncake.jpg"