If a JSON argument is passed, it will be used to the exclusion of other parameters, otherwise parameters will be combined with an AND clause. At least one argument must be passed in the command. Searches for file events by JSON query, hash, username, device hostname, exfiltration type, or a combination of parameters. You can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook.Īfter you successfully execute a command, a DBot message appears in the War Room with the command details. Include the list of files in returned incidents.Ĭlick Test to validate the URLs, token, and connection.
ParameterĬode42 Console URL for your Code42 environmentĪlert severities to fetch when fetching incidentsįirst fetch time range (, e.g., 1 hour, 30 minutes)Īlerts to fetch per run note that increasing this value may result in slow performance if too many results are returned at once Navigate to Settings > Integrations > Servers & Services.Ĭlick Add instance to create and configure a new integration instance. Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments.
This Integration is part of the Code42 Pack.
0 kommentar(er)
