This article describes how to list all suspicious activities recorded for a given hostname, or all hostnames on which a given file path was flagged, from the Palo Alto Networks Cortex™ XSOAR command line interface. At least one of the two arguments should be supplied; both are optional individually.
Base command
malwarebytes-get-sa-activities
Input
| Argument name | Description | Required |
| --- | --- | --- |
| hostname | The hostname of an endpoint in Nebula. | Optional |
| path | The path of the file to be searched in suspicious activities. | Optional |
Context Output
| Path | Type | Description |
| --- | --- | --- |
| Malwarebytes.Endpoint.Suspicious_Activities | string | The suspicious activities for the host. |
Command example
```
!malwarebytes-get-sa-activities hostname=DESKTOP-664HFM6
```
Context example
```json
{
  "Malwarebytes.Endpoint": {
    "Suspicious_Activities": [
      {
        "status": "detected",
        "detection_id_list": [ 67932985 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:46:20.000Z",
        "detected_by_count": 10,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\TLX3EVTX\\EKATI4102.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932021 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:45:38.000Z",
        "detected_by_count": 9,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\LYFB0FPR\\EKATI8717.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932009 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:45:35.000Z",
        "detected_by_count": 8,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\X0BDZ1FX\\EKATI5156.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932084 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 2,
        "timestamp": "2020-04-20T08:45:32.000Z",
        "detected_by_count": 3,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\ZAX2TN0U\\EKATI3331.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932008 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:45:08.000Z",
        "detected_by_count": 10,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\V1YOTCGH\\EKATI1530.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932145 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 2,
        "timestamp": "2020-04-20T08:45:02.000Z",
        "detected_by_count": 1,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\E55QEANT8731.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67932186 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 2,
        "timestamp": "2020-04-20T08:45:02.000Z",
        "detected_by_count": 2,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IJJZUABZ\\EKATI7353.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "closed",
        "detection_id_list": [ 67931295 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:43:34.000Z",
        "detected_by_count": 9,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\IMPDUHIQ\\EKATI3476.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "processing",
        "detection_id_list": [ 67931302 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:43:31.000Z",
        "detected_by_count": 9,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\4KQQJWG5\\EKATI4354.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "processing",
        "detection_id_list": [ 67931496 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 2,
        "timestamp": "2020-04-20T08:43:24.000Z",
        "detected_by_count": 1,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\CSF2FQEI8635.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67931509 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 2,
        "timestamp": "2020-04-20T08:43:24.000Z",
        "detected_by_count": 3,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\AVQCVSEN\\EKATI2270.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      },
      {
        "status": "detected",
        "detection_id_list": [ 67931294 ],
        "account_id": "2020bd17-a809-4102-b744-94fe8ad1c591",
        "pc_hostname": "DESKTOP-664HFM6",
        "level": 3,
        "timestamp": "2020-04-20T08:43:16.000Z",
        "detected_by_count": 11,
        "path": "C:\\USERS\\ROHIN SAMBATH KUMAR\\DESKTOP\\RGCNKCKH\\EKATI1130.EXE",
        "machine_id": "5074ade3-5716-44d8-83c7-5985379c0399"
      }
    ]
  }
}
```
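The context above is what an XSOAR automation receives once the command has run. The following Python is an added example, not code from the Malwarebytes Nebula integration or the XSOAR SDK, of what a playbook or automation typically does next: answer both questions the article opens with (activities for a host, hosts for a path) and roll the list up per host for triage. The context dictionary `SAMPLE_CONTEXT` is constructed to mirror the shape of the context example (same keys; the hosts, paths and ids are made up). The helper names are hypothetical, and treating every status other than `closed` as still open is an assumption of this example, since the page only shows the values `detected`, `processing` and `closed` without defining them.

```python
"""Helpers for the Malwarebytes.Endpoint.Suspicious_Activities context
written by !malwarebytes-get-sa-activities.

Added example, not part of the integration: it shows what an XSOAR automation
would typically do with the command's context output.
"""
import json

# Constructed sample that mirrors the shape of the documented context
# (same keys; hostnames, paths, ids and timestamps are made up).
SAMPLE_CONTEXT = {
    "Malwarebytes.Endpoint": {
        "Suspicious_Activities": [
            {"status": "detected", "detection_id_list": [1001], "pc_hostname": "HOST-A",
             "level": 3, "timestamp": "2020-04-20T08:46:20.000Z", "detected_by_count": 10,
             "path": "C:\\USERS\\ALICE\\DESKTOP\\SAMPLE1.EXE", "machine_id": "m-1"},
            {"status": "closed", "detection_id_list": [1002], "pc_hostname": "HOST-A",
             "level": 3, "timestamp": "2020-04-20T08:43:34.000Z", "detected_by_count": 9,
             "path": "C:\\USERS\\ALICE\\DESKTOP\\SAMPLE2.EXE", "machine_id": "m-1"},
            {"status": "processing", "detection_id_list": [1003], "pc_hostname": "HOST-A",
             "level": 2, "timestamp": "2020-04-20T08:43:31.000Z", "detected_by_count": 1,
             "path": "C:\\USERS\\ALICE\\DESKTOP\\SAMPLE1.EXE", "machine_id": "m-1"},
            {"status": "detected", "detection_id_list": [1004], "pc_hostname": "HOST-B",
             "level": 2, "timestamp": "2020-04-20T09:01:00.000Z", "detected_by_count": 3,
             "path": "C:\\USERS\\BOB\\DESKTOP\\SAMPLE1.EXE", "machine_id": "m-2"},
        ]
    }
}

# The page shows the statuses "detected", "processing" and "closed" without
# defining them; treating only "closed" as resolved is this example's assumption.
RESOLVED_STATUSES = {"closed"}


def get_activities(context):
    """Return the Suspicious_Activities list, or [] when the key is absent or empty."""
    return (context.get("Malwarebytes.Endpoint") or {}).get("Suspicious_Activities") or []


def activities_for_host(context, hostname, min_level=1, open_only=False):
    """Activities for one endpoint (hostname compared case-insensitively),
    optionally limited to a minimum level and to unresolved activities."""
    wanted = hostname.casefold()
    return [
        a for a in get_activities(context)
        if (a.get("pc_hostname") or "").casefold() == wanted
        and int(a.get("level") or 0) >= min_level
        and (not open_only or a.get("status") not in RESOLVED_STATUSES)
    ]


def hostnames_for_path(context, path, match="exact"):
    """Distinct hostnames on which a file path was flagged.

    Windows paths are compared case-insensitively and with either separator.
    match="basename" ignores the directory, so the same file name dropped into
    per-user or random folders (as in the context example) is found on every host.
    """
    def key(p):
        p = (p or "").casefold().replace("/", "\\")
        return p.rsplit("\\", 1)[-1] if match == "basename" else p

    wanted = key(path)
    return sorted({
        a["pc_hostname"] for a in get_activities(context)
        if a.get("pc_hostname") and key(a.get("path")) == wanted
    })


def triage_summary(context):
    """Per-host rollup: open and resolved counts, highest level seen, the
    detection ids still open, and the most recent timestamp (ISO 8601 UTC
    strings of equal format, so lexicographic max is chronological max)."""
    summary = {}
    for a in get_activities(context):
        host = a.get("pc_hostname") or "unknown"
        s = summary.setdefault(host, {"open": 0, "resolved": 0, "max_level": 0,
                                      "open_detection_ids": [], "latest": ""})
        if a.get("status") in RESOLVED_STATUSES:
            s["resolved"] += 1
        else:
            s["open"] += 1
            s["open_detection_ids"].extend(a.get("detection_id_list") or [])
        s["max_level"] = max(s["max_level"], int(a.get("level") or 0))
        s["latest"] = max(s["latest"], a.get("timestamp") or "")
    for s in summary.values():
        s["open_detection_ids"].sort()
    return summary


if __name__ == "__main__":
    print(json.dumps(activities_for_host(SAMPLE_CONTEXT, "host-a", min_level=3, open_only=True), indent=2))
    print(hostnames_for_path(SAMPLE_CONTEXT, "sample1.exe", match="basename"))
    print(json.dumps(triage_summary(SAMPLE_CONTEXT), indent=2))
```

Inside XSOAR the `SAMPLE_CONTEXT` argument would be replaced by the incident context (`demisto.context()`), and `open_detection_ids` is the list a follow-up task would act on; `hostnames_for_path` with `match="basename"` is the practical form of the "hostnames from a path" query, because the context example shows the same family of executables dropped under differently named folders.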