This article describes how to run the list endpoint info action, which shows detailed endpoint information, from the Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
malwarebytes-list-endpoint-info
Input
Argument name | Description | Required |
hostname | The hostname of an endpoint in Nebula. | Optional |
ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
Path | Type | Description |
Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Malwarebytes.Endpoint.IPAddress | string | The IP address of this endpoint. |
Malwarebytes.Endpoint.Domain | string | The domain of this endpoint. |
Malwarebytes.Endpoint.MACAddress | string | The MAC address of this endpoint. |
Malwarebytes.Endpoint.OS | string | The operating system of this endpoint. |
Malwarebytes.Endpoint.OSVersion | string | The operating system version of this endpoint. |
Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Endpoint.IPAddress | string | The IP address of this endpoint. |
Endpoint.Domain | string | The domain of this endpoint. |
Endpoint.MACAddress | string | The MAC address of this endpoint. |
Endpoint.OS | string | The operating system of this endpoint. |
Endpoint.OSVersion | string | The operating system version of this endpoint. |
Endpoint.Model | string | The model of the machine or device. |
Endpoint.Memory | int | Memory on this endpoint. |
Command example
!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1
Context example
{
  "Malwarebytes.Endpoint": {
    "MACAddress": "000D3A0AFEC2",
    "Domain": "",
    "Assets": {
      "computer_info": { "model": "Virtual Machine", "manufacturer": "Microsoft Corporation" },
      "plugin_version": "1.2.0.330",
      "object_sid": "",
      "updates_installed": [],
      "dhcp_scope_name": "",
      "object_guid": "",
      "drives": [
        { "name": "C:\\", "total_size": 135838822400, "freespace_available": 124591616000, "freespace_total": 124591616000, "volume_label": "Windows", "drive_format": "NTFS" },
        { "name": "D:\\", "total_size": 8588816384, "freespace_available": 7477661696, "freespace_total": 7477661696, "volume_label": "Temporary Storage", "drive_format": "NTFS" }
      ],
      "domain_name": "",
      "culture": "en-US",
      "nics": [
        { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
      ],
      "host_name": "TA-AZ-CLT1",
      "software_installed": [
        { "product": "Google Chrome", "version": "80.0.3987.87", "vendor": "Google LLC", "installed_date": "2020-02-05T00:00:00Z" },
        { "product": "Malwarebytes Endpoint Agent", "version": "1.2.0.0", "vendor": "Malwarebytes", "installed_date": "2020-02-05T00:00:00Z" }
      ],
      "memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
      "time_zone": "Etc/GMT",
      "startups": [
        { "value": "explorer.exe", "name": "Shell", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "", "name": "System", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "", "name": "Taskman", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "C:\\windows\\system32\\userinit.exe,", "name": "Userinit", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "C:\\windows\\system32\\SecurityHealthSystray.exe", "name": "SecurityHealth", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" },
        { "value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}", "name": "WebCheck", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad" },
        { "name": "Authentication Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "name": "Notification Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "name": "Security Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "value": "credssp.dll", "name": "SecurityProviders", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders" }
      ],
      "fully_qualified_host_name": "TA-AZ-CLT1",
      "os_info": { "os_release_name": "Microsoft Windows 10 Pro", "os_type": "Workstation", "os_architecture": "Amd64", "os_platform": "Windows", "os_version": "10.0.17763" }
    },
    "OS": "Windows",
    "Hostname": "TA-AZ-CLT1",
    "Memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
    "Model": "Virtual Machine",
    "OSVersion": "10.0.17763",
    "IPAddress": [
      { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
    ]
  },
  "Endpoint": {
    "MACAddress": "000D3A0AFEC2",
    "Domain": "",
    "OS": "Windows",
    "Hostname": "TA-AZ-CLT1",
    "Memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
    "Model": "Virtual Machine",
    "OSVersion": "10.0.17763",
    "IPAddress": [
      { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
    ]
  }
}
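The following is an added example, not part of the original page or of the integration's own code. It shows how the Malwarebytes.Endpoint entry above can be triaged in Python: it flattens IPAddress, which the context example returns as a list of NIC objects although the output table lists it as a string, and it reports Winlogon startup entries that differ from a baseline. The function names, the baseline (copied from the values in the context example) and the sample endpoint with its extra Userinit program are assumptions made for illustration.

```python
# Added example: triage the Malwarebytes.Endpoint context entry returned by
# !malwarebytes-list-endpoint-info. Helper names and the baseline are assumptions.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Baseline copied from the values in the page's context example (lower-cased).
WINLOGON_BASELINE = {
    "shell": "explorer.exe",
    "system": "",
    "taskman": "",
    "userinit": r"c:\windows\system32\userinit.exe,",
}


def endpoint_ips(endpoint):
    """Flatten IPAddress, which the example returns as a list of NIC objects."""
    nics = endpoint.get("IPAddress") or []
    if isinstance(nics, str):  # tolerate the plain string the output table documents
        return [nics]
    return [ip for nic in nics for ip in nic.get("ips", [])]


def winlogon_deviations(endpoint):
    """Return Winlogon startup entries whose value differs from the baseline."""
    findings = []
    for entry in (endpoint.get("Assets") or {}).get("startups", []):
        if entry.get("key", "").lower() != WINLOGON_KEY.lower():
            continue
        name = entry.get("name", "")
        value = entry.get("value") or ""
        expected = WINLOGON_BASELINE.get(name.lower())
        if expected is not None and value.strip().lower() != expected:
            findings.append({"name": name, "value": value})
    return findings


# Constructed sample in the shape of the context example; the extra Userinit
# program (helper.exe) is invented here to show a deviation being reported.
SAMPLE_ENDPOINT = {
    "Hostname": "TA-AZ-CLT1",
    "IPAddress": [{"ips": ["10.0.0.11"], "mac_address": "000D3A0AFEC2"}],
    "Assets": {"startups": [
        {"name": "Shell", "value": "explorer.exe", "key": WINLOGON_KEY},
        {"name": "Taskman", "value": "", "key": WINLOGON_KEY},
        {"name": "Userinit", "key": WINLOGON_KEY,
         "value": r"C:\windows\system32\userinit.exe,C:\Users\Public\helper.exe"},
    ]},
}

if __name__ == "__main__":
    print(SAMPLE_ENDPOINT["Hostname"], endpoint_ips(SAMPLE_ENDPOINT))
    for finding in winlogon_deviations(SAMPLE_ENDPOINT):
        print("review:", finding["name"], "=", finding["value"])
```

Entries under other keys (Run, Lsa, SecurityProviders) are ignored by this check; extend the baseline per key if you want them compared as well.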