Skip to main content

Get RTR Extracted File Contents

Get RTR extracted file contents for the specified session and sha256.

note

CrowdStrike returns the file in 7z format. In order to get the file's true content, configure in the step config to save the output into a file - For more information, see Configuring your Step Settings. If not, the action will keep running/will return nothing and will not download the wanted file.

Parameters

ParameterDescription
File NameFile name to use for the archive name and the file within the archive.
SHA256Extracted SHA256 (e.g. efa256a96af3b556cd3fc9d8b1cf587d72807d7805ced441e8149fc279db422b).You can find the file hash in the response of the List RTR Session Files action for the wanted file and session.
Session IDRTR Session ID. You can find the Session ID in the response of the Create Batch Session action for the wanted host.

Example Output

[
0
]

Workflow Library Example

Get Rtr Extracted File Contents with Crowdstrike and Send Results Via Email

Workflow LibraryPreview this Workflow on desktop