Run Command On A Single Host
Executes an RTR active-responder command on the given host. An active session for the host is required; you can use the Create Batch Session action for the target host. Use this endpoint to run these Real Time Response commands:
cat
cd
clear
cp
encrypt
env
eventlog
filehash
get
getsid
help
history
ipconfig
kill
ls
map
memdump
mkdir
mount
mv
netstat
ps
reg query
reg set
reg delete
reg load
reg unload
restart
rm
runscript
shutdown
unmap
update history
update install
update list
update query
xmemdump
zip
Parameters
Parameter | Description |
---|---|
Base Command | Active-Responder command type to execute, for example: get or cp. Refer to the RTR documentation for the full list of commands. |
Command String | The command's input. For example: get some_file.txt |
Session ID | The ID of the RTR session to run the command on. You can find the Session ID in the response of the Create Batch Session action for the target host. |
Example Output
{
  "errors": [
    {
      "code": 0,
      "id": "string",
      "message": "string"
    }
  ],
  "meta": {
    "pagination": {
      "limit": 0,
      "offset": 0,
      "total": 0
    },
    "powered_by": "string",
    "query_time": 0,
    "trace_id": "string",
    "writes": {
      "resources_affected": 0
    }
  },
  "resources": [
    {
      "cloud_request_id": "string",
      "queued_command_offline": false,
      "session_id": "string"
    }
  ]
}
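A pre-dispatch guard and response check for this action, as an added example that is not part of the original page or the vendor's code. The dictionary key names base_command and command_string, the function names, and the sample response values are assumptions constructed for illustration; the command list and response fields come from this page.

```python
# Active-responder commands listed on this page.
ALLOWED = frozenset(
    "cat cd clear cp encrypt env eventlog filehash get getsid help history ipconfig "
    "kill ls map memdump mkdir mount mv netstat ps restart rm runscript shutdown "
    "unmap xmemdump zip".split()
) | {"reg query", "reg set", "reg delete", "reg load", "reg unload",
     "update history", "update install", "update list", "update query"}


def build_params(base_command, command_string, session_id):
    """Validate the three action parameters before dispatch (key names are assumed)."""
    base = " ".join(base_command.split())  # collapse whitespace in "reg  query" etc.
    if base not in ALLOWED:
        raise ValueError(f"not an active-responder command: {base!r}")
    cmd = command_string.strip()
    # The page's example Command String ("get some_file.txt") begins with the base command.
    if cmd != base and not cmd.startswith(base + " "):
        raise ValueError("Command String must begin with the Base Command")
    if not session_id:
        raise ValueError("Session ID is required (create a batch session first)")
    return {"base_command": base, "command_string": cmd, "session_id": session_id}


def summarize_response(body):
    """Reduce a response shaped like Example Output to what a workflow branches on."""
    errors = [f'{e.get("code")}: {e.get("message")}' for e in body.get("errors") or []]
    resources = body.get("resources") or []
    if errors or not resources:
        return {"ok": False, "errors": errors or ["no resources returned"]}
    first = resources[0]
    return {
        "ok": True,
        "cloud_request_id": first.get("cloud_request_id"),
        "session_id": first.get("session_id"),
        # Surfaced so the workflow does not treat a queued command as completed.
        "queued": bool(first.get("queued_command_offline")),
    }


# Constructed sample response (values are placeholders, not real identifiers).
SAMPLE = {
    "errors": [],
    "resources": [{"cloud_request_id": "req-0001",
                   "queued_command_offline": False,
                   "session_id": "sess-0001"}],
}
```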
Workflow Library Example
Run Command on a Single Host with Crowdstrike and Send Results Via Email