This article describes how to initiate a scan action on an endpoint based on IP address or hostname using Palo Alto Networks Cortex™ XSOAR command line interface.
Base commands
Scans and removes threats found
malwarebytes-scan-and-remediate
Scans and reports threats found
malwarebytes-scan-and-report
Input
Argument name | Description | Required |
hostname | The hostname of an endpoint in Nebula. | Optional |
ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
Path | Type | Description |
Malwarebytes.Scan.Machine_ID | string | The endpoint ID of the host. |
Malwarebytes.Scan.Job_ID | string | The job ID of the scanned host. |
Command example
!malwarebytes-scan-and-remediate hostname=DESKTOP-LI4MQ7B
!malwarebytes-scan-and-report hostname=TA-AZ-CLT1
Context example
{
"Malwarebytes.Scan": {
"Machine_ID": "211d8c3e-142c-4849-b1f0-1680b4bd239c",
"Job_ID": "c11a099b-1398-4db4-a881-17fca6aecc75"
}
}
{
"Malwarebytes.Scan": {
"Machine_ID": "017febb6-ae68-4c15-9918-d911c72d062a",
"Job_ID": "0391390f-742e-4c90-a70f-01e5c87a687d"
}
}
Human readable output
Scan and Remediate action has been successfully started on the Endpoint: DESKTOP-LI4MQ7B with the job_id: c11a099b-1398-4db4-a881-17fca6aecc75. Use job_id in malwarebytes-get-scan-detections command to view results
Scan and Report action has been successfully started on the Endpoint: TA-AZ-CLT1 with the job_id: 0391390f-742e-4c90-a70f-01e5c87a687d. Use job_id in malwarebytes-get-scan-detections command to view results
Return to the table of contents.