Add docs for WithSecure response actions #2024

Merged
33 changes: 33 additions & 0 deletions docs/integration/action_library/endpoint/withsecure.md
Expand Up @@ -107,6 +107,39 @@ Update status on Incident.
| `status` | `string` | Status. |
| `resolution` | `string` | Resolution. |

### Enumerate processes

Enumerate running processes.

| Name | Type | Description |
|-------------------|------------|-----------------------------------------------|
| `target` | `string` | Device identifier on which action is created. |
| `organization_id` | `string` | UUID of an organization. |

### Kill Thread

Kill thread.

| Name | Type | Description |
|-------------------|---------------|-----------------------------------------------|
| `target` | `string` | Device identifier on which action is created. |
| `organization_id` | `string` | UUID of an organization. |
| `thread_id` | `integer` | ID of a Thread to kill. |


### Kill Process

Kill processes matching patterns.

| Name | Type | Description |
|------------------------|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `target` | `string` | Device identifier on which action is created. |
| `organization_id` | `string` | UUID of an organization. |
| `match` | `string` | Strategy used to match processes<br/>(`processId`,`processName`,`processNameRegex`,`processPath`,`processPathRegex`) |
| `process_match_values` | `array` | List of values that are used to match process to kill. Depending on selected strategy it might be list of identifiers, names or regular expressions. Up to 6 elements. |
| `process_memory_dump` | `boolean` | Whether to run memory dump on process before killing it. Memory dump can be run only if `processName` or `processId` strategy is used |
| `memory_dump_flag` | `string` | Memory dump flag (`full` - memory dump includes all accessible memory of process, `pmem` - only information necessary to capture process' stack traces) |


## Extra

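Review bot: The `memory_dump_flag` row in the Kill Process table does not say when the flag is actually consulted; given the `process_memory_dump` row directly above it, the description should state that it is only used when `process_memory_dump` is true and, as that row already notes, only with the `processName` or `processId` strategy, and should give the default value if one exists (e.g. "Only used when `process_memory_dump` is true; defaults to `<value>`"). Two smaller points in the same hunk: the `match` description is the only one without a terminal period, and the new headings "Kill Thread" and "Kill Process" use title case while "Enumerate processes" and the existing "Update status on Incident" use sentence case; the double blank lines before "### Kill Process" and "## Extra" can also be collapsed to one to match the rest of the file.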