This article describes how to initiate a list endpoints info action to show detailed endpoint information using Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
malwarebytes-list-endpoint-infoInput
| Argument name | Description | Required |
|---|---|---|
| hostname | The hostname of an endpoint in Nebula. | Optional |
| ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
| Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Malwarebytes.Endpoint.IPAddress | string | The IP address of this endpoint. |
| Malwarebytes.Endpoint.Domain | string | The domain of this endpoint. |
| Malwarebytes.Endpoint.MACAddress | string | The MAC address of this endpoint. |
| Malwarebytes.Endpoint.OS | string | The operating system of this endpoint. |
| Malwarebytes.Endpoint.OSVersion | string | The operating system version of this endpoint. |
| Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
| Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
| Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
| Endpoint.IPAddress | string | The IP address of this endpoint. |
| Endpoint.Domain | string | The domain of this endpoint. |
| Endpoint.MACAddress | string | The MAC address of this endpoint. |
| Endpoint.OS | string | The operating system of this endpoint. |
| Endpoint.OSVersion | string | The operating system version of this endpoint. |
| Endpoint.Model | string | The model of the machine or device. |
| Endpoint.Memory | int | Memory on this endpoint. |
Command example
!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1Context example
{
"Malwarebytes.Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"Assets": {
"computer_info": {
"model": "Virtual Machine",
"manufacturer": "Microsoft Corporation"
},
"plugin_version": "1.2.0.330",
"object_sid": "",
"updates_installed": [],
"dhcp_scope_name": "",
"object_guid": "",
"drives": [
{
"name": "C:\\",
"total_size": 135838822400,
"freespace_available": 124591616000,
"freespace_total": 124591616000,
"volume_label": "Windows",
"drive_format": "NTFS"
},
{
"name": "D:\\",
"total_size": 8588816384,
"freespace_available": 7477661696,
"freespace_total": 7477661696,
"volume_label": "Temporary Storage",
"drive_format": "NTFS"
}
],
"domain_name": "",
"culture": "en-US",
"nics": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
],
"host_name": "TA-AZ-CLT1",
"software_installed": [
{
"product": "Google Chrome",
"version": "80.0.3987.87",
"vendor": "Google LLC",
"installed_date": "2020-02-05T00:00:00Z"
},
{
"product": "Malwarebytes Endpoint Agent",
"version": "1.2.0.0",
"vendor": "Malwarebytes",
"installed_date": "2020-02-05T00:00:00Z"
}
],
"memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"time_zone": "Etc/GMT",
"startups": [
{
"value": "explorer.exe",
"name": "Shell",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "System",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "",
"name": "Taskman",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\userinit.exe,",
"name": "Userinit",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
},
{
"value": "C:\\windows\\system32\\SecurityHealthSystray.exe",
"name": "SecurityHealth",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
},
{
"value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}",
"name": "WebCheck",
"key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad"
},
{
"name": "Authentication Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Notification Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"name": "Security Packages",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"
},
{
"value": "credssp.dll",
"name": "SecurityProviders",
"key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders"
}
],
"fully_qualified_host_name": "TA-AZ-CLT1",
"os_info": {
"os_release_name": "Microsoft Windows 10 Pro",
"os_type": "Workstation",
"os_architecture": "Amd64",
"os_platform": "Windows",
"os_version": "10.0.17763"
}
},
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
]
},
"Endpoint": {
"MACAddress": "000D3A0AFEC2",
"Domain": "",
"OS": "Windows",
"Hostname": "TA-AZ-CLT1",
"Memory": {
"total_physical": 4294967296,
"total_virtual": 5368094720,
"free_virtual": 2920792064,
"free_physical": 1683750912
},
"Model": "Virtual Machine",
"OSVersion": "10.0.17763",
"IPAddress": [
{
"ips": [
"10.0.0.11"
],
"description": "Microsoft Hyper-V Network Adapter",
"mac_address": "000D3A0AFEC2"
}
]
}
}
Return to the table of contents.