This article describes how to initiate an action to list all Suspicious Activity from a hostname value and list all the hostnames from path of file using Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
malwarebytes-get-sa-activitiesInput
| Argument name | Description | Required |
|---|---|---|
| hostname | The hostname of an endpoint in Nebula. | Optional |
| path | The path of the file to be searched in suspicious activities. | Optional |
Context Output
| Path | Type | Description |
|---|---|---|
| Malwarebytes.Endpoint.Suspicious_Activities | string | The suspicious activities for the host. |
Command example
!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6Context example
{
"Malwarebytes.Endpoint": {
"Suspicious_Activities": [
{
"status": "detected",
"detection_id_list": [
67932985
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:46:20.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TLX3EVTX\\EKATI4102.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932021
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:38.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LYFB0FPR\\EKATI8717.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932009
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:35.000Z",
"detected_by_count": 8,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X0BDZ1FX\\EKATI5156.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932084
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:32.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAX2TN0U\\EKATI3331.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932008
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:45:08.000Z",
"detected_by_count": 10,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\V1YOTCGH\\EKATI1530.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932145
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\E55QEANT8731.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67932186
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:45:02.000Z",
"detected_by_count": 2,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\EKATI7353.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "closed",
"detection_id_list": [
67931295
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:34.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IMPDUHIQ\\EKATI3476.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931302
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:31.000Z",
"detected_by_count": 9,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\4KQQJWG5\\EKATI4354.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "processing",
"detection_id_list": [
67931496
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 1,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\CSF2FQEI8635.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931509
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 2,
"timestamp": "2020-04-20T08:43:24.000Z",
"detected_by_count": 3,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\EKATI2270.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
},
{
"status": "detected",
"detection_id_list": [
67931294
],
"account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
"pc_hostname": "DESKTOP-664HFM6",
"level": 3,
"timestamp": "2020-04-20T08:43:16.000Z",
"detected_by_count": 11,
"path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RGCNKCKH\\EKATI1130.EXE",
"machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
}
]
}
}
Return to the table of contents.