Get RTR Extracted File Contents
Get RTR extracted file contents for the specified session and sha256.
The following role is required to run this action: Real Time Responder - Active Responder.
note
CrowdStrike returns the file in 7z format.
To get the file's actual content, configure the step settings to save the output into a file. For more information, see Configuring your Step Settings.
Otherwise, the action keeps running or returns nothing, and the file is not downloaded.
Parameters
Parameter | Description |
---|---|
File Name | File name to use for the archive name and the file within the archive. |
SHA256 | Extracted SHA256 (e.g. efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b). You can find the file hash in the response of the List RTR Session Files action for the wanted file and session. |
Session ID | RTR Session ID. You can find the Session ID in the response of the Create Batch Session action for the wanted host. |
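
An added example (not part of the original documentation and not CrowdStrike's code): a Python check that the output saved by the step is a non-empty 7z archive, and that the file extracted from it hashes to the SHA256 passed to the action. The function names and sample files are constructed, and it assumes the SHA256 parameter is the hash of the file's content inside the archive.

```python
import hashlib
import re
import tempfile
from pathlib import Path

SEVENZ_MAGIC = bytes.fromhex("377abcaf271c")  # 6-byte signature at the start of every 7z file
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")


def check_saved_archive(path):
    """Classify the file the step saved: 'missing', 'empty', 'not-7z' or 'ok'."""
    p = Path(path)
    if not p.is_file():
        return "missing"
    if p.stat().st_size == 0:
        return "empty"
    with p.open("rb") as fh:
        return "ok" if fh.read(6) == SEVENZ_MAGIC else "not-7z"


def sha256_matches(path, expected_sha256):
    """Hash an extracted file in chunks and compare with the SHA256 parameter."""
    expected = expected_sha256.strip()
    if not SHA256_RE.fullmatch(expected):
        raise ValueError("SHA256 parameter must be 64 hex characters")
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest() == expected.lower()


def demo():
    """Run both checks on constructed files; returns the list of results."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        good = tmp / "evidence.7z"        # constructed: 7z signature plus filler bytes
        good.write_bytes(SEVENZ_MAGIC + b"\x00\x04" + b"\x00" * 24)
        empty = tmp / "empty.7z"          # constructed: the step saved nothing
        empty.write_bytes(b"")
        text = tmp / "response.7z"        # constructed: JSON saved instead of the archive
        text.write_bytes(b"[\n0\n]")
        sample = tmp / "extracted.bin"    # constructed stand-in for the extracted file
        sample.write_bytes(b"constructed sample content")
        expected = hashlib.sha256(b"constructed sample content").hexdigest()
        return [check_saved_archive(good), check_saved_archive(empty),
                check_saved_archive(text), check_saved_archive(tmp / "nope.7z"),
                sha256_matches(sample, expected), sha256_matches(sample, "0" * 64)]


if __name__ == "__main__":
    print(demo())
```

Run `check_saved_archive` on the step's saved output before extraction, and `sha256_matches` on the extracted file before it is used as evidence.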
Example Output
[
0
]
Workflow Library Example
Get Rtr Extracted File Contents with Crowdstrike and Send Results Via Email