  • cat
  • cd
  • clear
  • cp
  • encrypt
  • env
  • eventlog
  • filehash
  • get
  • getsid
  • help
  • history
  • ipconfig
  • kill
  • ls
  • map
  • memdump
  • mkdir
  • mount
  • mv
  • netstat
  • ps
  • reg query
  • reg set
  • reg delete
  • reg load
  • reg unload
  • restart
  • rm
  • runscript
  • shutdown
  • unmap
  • update history
  • update install
  • update list
  • update query
  • xmemdump
  • zip

Parameters

| Parameter | Description |
| --- | --- |
| Base Command | The Active-Responder command type to execute, for example: get or cp. Refer to the RTR documentation for the full list of commands. |
| Command String | The command's input. For example: get some_file.txt. |
| Session ID | The ID of the RTR session to run the command on. You can find the Session ID in the response of the Create Batch Session action for the target host. |

Example Output

```json
{
    "errors": [
        {
            "code": 0,
            "id": "string",
            "message": "string"
        }
    ],
    "meta": {
        "pagination": {
            "limit": 0,
            "offset": 0,
            "total": 0
        },
        "powered_by": "string",
        "query_time": 0,
        "trace_id": "string",
        "writes": {
            "resources_affected": 0
        }
    },
    "resources": [
        {
            "cloud_request_id": "string",
            "queued_command_offline": false,
            "session_id": "string"
        }
    ]
}
```
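The following is an added example, not code from this integration: it checks the three parameters against the command list above before a command is submitted, then reads a response shaped like the Example Output. The helper names, the payload key names and the sample response values are assumptions made for illustration; the rule that the Command String begins with the Base Command is inferred from the `get some_file.txt` example.

```python
# Added example: build_request and parse_response are hypothetical helpers.
ALLOWED_BASE_COMMANDS = set((
    "cat,cd,clear,cp,encrypt,env,eventlog,filehash,get,getsid,help,history,"
    "ipconfig,kill,ls,map,memdump,mkdir,mount,mv,netstat,ps,reg query,reg set,"
    "reg delete,reg load,reg unload,restart,rm,runscript,shutdown,unmap,"
    "update history,update install,update list,update query,xmemdump,zip"
).split(","))

def build_request(base_command, command_string, session_id):
    """Validate the action's parameters and return the request payload."""
    base_words = base_command.split()
    base = " ".join(base_words)
    if base not in ALLOWED_BASE_COMMANDS:
        raise ValueError(f"unsupported Base Command: {base!r}")
    # Multi-word bases such as 'reg query' must match word for word.
    if command_string.split()[:len(base_words)] != base_words:
        raise ValueError("Command String must start with the Base Command")
    if not session_id:
        raise ValueError("Session ID is required")
    # Key names are assumed, mirroring the parameter names.
    return {"base_command": base,
            "command_string": command_string.strip(),
            "session_id": session_id}

def parse_response(body):
    """Return the request handle, or raise if the response carries errors."""
    errors = body.get("errors") or []
    if errors:
        raise RuntimeError("; ".join(
            f"{e.get('code')}: {e.get('message')}" for e in errors))
    resources = body.get("resources") or []
    if not resources:
        raise RuntimeError("response contains no resources")
    first = resources[0]
    return {"cloud_request_id": first["cloud_request_id"],
            "session_id": first["session_id"],
            # True means the host was offline and the command is queued.
            "queued_offline": bool(first.get("queued_command_offline"))}

# Constructed sample response following the Example Output shape.
SAMPLE_RESPONSE = {"errors": [], "meta": {"trace_id": "constructed-trace"},
                   "resources": [{"cloud_request_id": "constructed-request-id",
                                  "queued_command_offline": True,
                                  "session_id": "constructed-session-id"}]}

if __name__ == "__main__":
    print(build_request("get", "get some_file.txt", "constructed-session-id"))
    print(parse_response(SAMPLE_RESPONSE))
```

A result with `queued_offline` set means no output exists yet for that `cloud_request_id`, so a workflow should not treat the submission as a completed command.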

Workflow Library Example

Run Command on a Single Host with Crowdstrike and Send Results Via Email
