Get File Sample By Hash - Generic v3
This playbook returns a file sample correlating to a hash in the War Room using the following sub-playbooks: - Get binary file by MD5 hash from Carbon Black telemetry data - VMware Carbon Black EDR v2. - Get the threat (file) associated with a specific SHA256 hash - Cylance Protect v2. - Get the file associated with a specific MD5 or SHA256 hash - Code42.
Common Playbooks · 5 tasks · 3 inputs · 11 outputs
Inputs
MD5— The MD5 hash value for the file to retrieve.SHA256— The SHA256 hash value for the file to retrieve.NewFilename— A new name for the retrieved file. If left empty, the filename will not change.
Outputs
File.Size— The size of the file.File.Type— The type of the file.File.Info— General information of the file.File.MD5— The MD5 hash of the file.File.SHA1— The SHA1 hash of the file.File.SHA256— The SHA256 hash of the file.File.SHA512— The SHA512 hash of the file.File.SSDeep— The SSDeep of the file.File.Extension— The file extension.File.EntryID— The file entry ID.File.Name— The file name.