Endpoint Malware Investigation - Generic Deprecated
Deprecated. Use 'Malware Investigation & Response Incident handler' instead. (From the 'Malware Investigation And Response Pack') This playbook is triggered by a malware incident from an 'Endpoint' type integration. The playbook performs enrichment, detonation, and hunting within the organization, and remediation on the malware. Used sub-playbooks: - Endpoint Enrichment - Generic v2.1 - Retrieve File from Endpoint - Generic - Detonate File - Generic - File Enrichment - Generic v2 - Calculate Severity - Generic v2 - Isolate Endpoint - Generic - Block Indicators - Generic v2
Malware Core · 34 tasks · 8 inputs · 0 outputs
Inputs
AutoIsolation— This input determines the threshold severity from which to perform auto-isolation for the infected endpoint. Specify the severity number (default is High): Specify the severity number: 0 - Unknown 0.5 - Informational 1 - Low 2 - Medium 3 - High 4 - CriticalEmail— The Email address to notify if there is a possibility of the malware spreading and infecting other endpoints.MD5— File MD5.SHA256— File SHA256.Hostname— Hostname of the machine on which the file is located.FilePath— File path.UseD2— Specifies whether to use D2 agent to retrieve the file.SHA1— File SHA1.
Commands used
closeInvestigation
send-mail
setIncident