Get RTR Extracted File Contents
Get RTR extracted file contents for the specified session and sha256.
note
CrowdStrike returns the file in 7z format.
In order to get the file's true content, configure in the step config to save the output into a file - For more information, see Configuring your Step Settings.
If not, the action will keep running/will return nothing and will not download the wanted file.
Parameters
| Parameter | Description |
|---|---|
| File Name | File name to use for the archive name and the file within the archive. |
| SHA256 | Extracted SHA256 (e.g. efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b). You can find the file hash in the response of the List RTR Session Files action for the wanted file and session. |
| Session ID | RTR Session ID. You can find the Session ID in the response of the Create Batch Session action for the wanted host. |
Example Output
[
0
]
Workflow Library Example
Get Rtr Extracted File Contents with Crowdstrike and Send Results Via Email
Preview this Workflow on desktop