CrowdStrike Falcon - Retrieve File
This playbook is part of the 'Malware Investigation And Response' pack. For more information, refer to https://xsoar.pan.dev/docs/reference/packs/malware-investigation-and-response. This playbook retrieves and unzips files from CrowdStrike Falcon and returns a list of the files that were and were not retrieved.
CrowdStrike Falcon · 8 tasks · 4 inputs · 2 outputs
Inputs
HostId— The ID of the host to use.PathsToGet— The path to retrieve the file from the host.ZipPassword— Default password to unzip files retrieved by CrowdStrike Falcon.FileNames— The names of the file to retrieve. This is used to validate that all the intended files were retrieved, not to specify which ones will be retrieved.
Outputs
ExtractedFiles— A list of file names that were extracted from the ZIP file.NonRetrievedFiles— A list of files that were not retrieved.
Commands used
cs-falcon-rtr-retrieve-file