KillProcessWrapper
This script is part of the Malware Investigation and Response Pack.
Supported versions
Supported Cortex XSOAR versions: 6.1.0 and later.
A cross-vendor wrapper script that triggers a process kill command: it executes the appropriate kill process command for the vendor, CrowdstrikeFalcon or Cortex XDR.
The script will only fail when the kill process action fails for both vendors.
Script Data
| Name | Description |
|---|---|
| Script Type | python3 |
| Cortex XSOAR Version | 6.1.0 |
Inputs
| Argument Name | Description |
|---|---|
| endpoint_id | The ID of the endpoint on which to kill the given process. |
| process_id | The ID of the process to kill. Either the process_id or the process_name must be specified. |
| process_name | The name of the process to kill. Either the process_id or the process_name must be specified. |
| approve_action | Are you sure you want to kill this process? |
Outputs
| Path | Description | Type |
|---|---|---|
| CrowdStrike.Command.kill | The outputs of the CrowdStrike kill process command. | List |
| CrowdStrike.Command.kill.Error | The status of the CrowdStrike kill process command. | String |
| CrowdStrike.Command.kill.HostID | The endpoint ID of the process. | String |
| CrowdStrike.Command.kill.ProcessID | The ID of the process. | String |
| PaloAltoNetworksXDR.ScriptRun | The outputs of the Cortex XDR kill process command. | List |
| PaloAltoNetworksXDR.ScriptRun.action_id | The ID of the kill process action initiated. | Number |
| PaloAltoNetworksXDR.ScriptRun.endpoints_count | The number of endpoints the action was initiated on. | Number |
| PaloAltoNetworksXDR.ScriptRun.status | The status of the kill process action. | Number |
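
The failure rule stated in the description (fail only when the kill fails for both vendors) and the Inputs constraint (process_id or process_name is required), as an added Python sketch that is not the script's own source. The handler callables, `AllVendorsFailed`, the sample handlers and the `"yes"` value for approve_action are assumptions made for illustration.

```python
from typing import Callable, Dict, Optional

# Hypothetical stand-in for a per-vendor kill command: takes
# (endpoint_id, process_id, process_name), returns a result or raises.
Handler = Callable[[str, Optional[str], Optional[str]], dict]


class AllVendorsFailed(Exception):
    """Raised only when every vendor handler failed."""


def kill_process(endpoint_id: str, handlers: Dict[str, Handler],
                 process_id: Optional[str] = None,
                 process_name: Optional[str] = None,
                 approve_action: str = "no") -> dict:
    # Assumption: "yes" is the approving value of approve_action.
    if approve_action.strip().lower() != "yes":
        raise ValueError("approve_action must be 'yes'")
    if not endpoint_id:
        raise ValueError("endpoint_id is required")
    if not (process_id or process_name):
        raise ValueError("either process_id or process_name must be specified")

    succeeded: Dict[str, dict] = {}
    errors: Dict[str, str] = {}
    for vendor, handler in handlers.items():
        try:
            succeeded[vendor] = handler(endpoint_id, process_id, process_name)
        except Exception as exc:  # one vendor failing must not stop the other
            errors[vendor] = str(exc)

    if not succeeded:
        raise AllVendorsFailed(f"kill failed for all vendors: {errors}")
    # Keep per-vendor errors so a partial failure stays visible to the analyst.
    return {"succeeded": succeeded, "errors": errors}


# Constructed sample handlers, for illustration only.
def sample_ok(endpoint_id, process_id, process_name):
    return {"endpoint": endpoint_id, "killed": process_id or process_name}


def sample_fail(endpoint_id, process_id, process_name):
    raise RuntimeError("endpoint not found")
```

A result whose `errors` map is non-empty means the overall action succeeded while one vendor did not act, which is worth recording in the incident notes.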