diff --git a/docs/serverless/endpoint-response-actions/response-actions.mdx b/docs/serverless/endpoint-response-actions/response-actions.mdx index 0229a22c5e..03557d47e6 100644 --- a/docs/serverless/endpoint-response-actions/response-actions.mdx +++ b/docs/serverless/endpoint-response-actions/response-actions.mdx @@ -179,6 +179,20 @@ You can follow this with the `execute` response action to upload and run scripts The default file size maximum is 25 MB, configurable in `kibana.yml` with the `maxUploadResponseActionFileBytes` setting. You must enter the value in bytes (the maximum is `104857600` bytes, or 100 MB). +### `scan` + +Scan a specific file or directory on the host for malware. The scan uses the malware protection settings (such as Detect or Prevent options, or enabling the blocklist) as configured in the host's associated ((elastic-defend)) integration policy. Use these parameters: + +* `--path` : (Required) The absolute path to a file or directory to be scanned. + +Required role: **Tier 3 Analyst**, **SOC Manager**, or **Endpoint Operations Analyst** + +Example: `scan --path "/Users/username/Downloads" --comment "Scan Downloads folder for malware"` + + + Scanning can take longer for directories containing a lot of files. + +
## Supporting commands and parameters
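Review bot: the new `scan` section says the scan follows the policy's Detect or Prevent malware settings, but it never says what happens to a file flagged under Prevent or where the analyst reads the scan result. Add a sentence covering both after the description paragraph. In the parameter list, the `--path` entry should state whether a directory is scanned recursively, since the closing note about large directories implies that it matters to the operator. The example also passes `--comment`, which is not listed under "Use these parameters"; either list it there or point the reader to the "Supporting commands and parameters" section that follows. Finally, the example shows only a macOS-style path (`/Users/username/Downloads`); if the action is supported on other operating systems, say so and show an absolute path in that form too, since the parameter is documented as requiring an absolute path.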