diff --git a/README.md b/README.md index ecac843..4c2252c 100644 --- a/README.md +++ b/README.md @@ -2,11 +2,11 @@ # Windows Remote Management Publisher: Splunk -Connector Version: 2\.2\.4 +Connector Version: 2.2.4 Product Vendor: Microsoft Product Name: Windows Remote Management -Product Version Supported (regex): "\.\*" -Minimum Product Version: 5\.1\.0 +Product Version Supported (regex): ".\*" +Minimum Product Version: 6.1.1 This app integrates with the Windows Remote Management service to execute various actions @@ -136,10 +136,10 @@ The below configuration variables are required for this Connector to operate. T VARIABLE | REQUIRED | TYPE | DESCRIPTION -------- | -------- | ---- | ----------- -**endpoint** | optional | string | IP/Hostname \(For TEST CONNECTIVITY and default, if not provided in an action\) -**verify\_server\_cert** | optional | boolean | Verify Server Certificate -**default\_protocol** | optional | string | Default protocol for actions -**default\_port** | optional | numeric | Default port for actions +**endpoint** | optional | string | IP/Hostname (For TEST CONNECTIVITY and default, if not provided in an action) +**verify_server_cert** | optional | boolean | Verify Server Certificate +**default_protocol** | optional | string | Default protocol for actions +**default_port** | optional | numeric | Default port for actions **domain** | optional | string | Domain **username** | required | string | Username **password** | required | password | Password @@ -188,7 +188,7 @@ Execute a command on the endpoint Type: **generic** Read only: **False** -Unless you implement a custom parser, this action will always succeed regardless of the input\. Either a command or pair of command\_id and shell\_id must be specified\. If a command\_id is present, all other parameters will be ignored\.

Note\: The command\_id and shell\_id you provide to fetch the output can only be used once because once the output is fetched successfully server will remove output from its cache\.

+Unless you implement a custom parser, this action will always succeed regardless of the input. Either a command or pair of command_id and shell_id must be specified. If a command_id is present, all other parameters will be ignored.

Note: The command_id and shell_id you provide to fetch the output can only be used once because once the output is fetched successfully server will remove output from its cache.

#### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -196,31 +196,31 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **command** | optional | The command to be run | string | **arguments** | optional | The arguments for the command | string | **parser** | optional | The vault ID of a custom parser to use for output | string | `vault id` -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **async** | optional | Start the command, but don't wait for output | boolean | -**command\_id** | optional | Command ID of async command \(Provide with shell\_id\) | string | `winrm command id` -**shell\_id** | optional | Shell ID of async command \(Provide with command\_id\) | string | `winrm shell id` +**command_id** | optional | Command ID of async command (Provide with shell_id) | string | `winrm command id` +**shell_id** | optional | Shell ID of async command (Provide with command_id) | string | `winrm shell id` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.arguments | string | -action\_result\.parameter\.async | boolean | -action\_result\.parameter\.command | string | -action\_result\.parameter\.command\_id | string | `winrm command id` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.parser | string | `vault id` -action\_result\.parameter\.shell\_id | string | `winrm shell id` -action\_result\.data\.\*\.status\_code | numeric | -action\_result\.data\.\*\.std\_err | string | -action\_result\.data\.\*\.std\_out | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.command\_id | string | `winrm command id` -action\_result\.summary\.shell\_id | string | `winrm shell id` -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.arguments | string | | /all +action_result.parameter.async | boolean | | True False +action_result.parameter.command | string | | ipconfig +action_result.parameter.command_id | string | `winrm command id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.parser | string | `vault id` | 8afa5c86de9ea94ecfe5b4c0837d2543d0b20b56 +action_result.parameter.shell_id | string | `winrm shell id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.data.\*.status_code | numeric | | 0 +action_result.data.\*.std_err | string | | Error message +action_result.data.\*.std_out | string | | Successful output +action_result.status | string | | success failed +action_result.message | string | | Successfully ran command +action_result.summary | string | | +action_result.summary.command_id | string | `winrm command id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.summary.shell_id | string | `winrm shell id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'run script' Run a PowerShell script on the endpoint @@ -228,39 +228,39 @@ Run a PowerShell script on the endpoint Type: **generic** Read only: **False** -The script you provide can either be in the vault, or it can just be a string of the script to run\. If both values are present, it will use the script\_file over the script\_str\. Unless you implement a custom parser, this action will always succeed regardless of the input\. If command\_id and shell\_id are present, script\_file and script\_str will be ignored\. This action will fail if at least one of script\_file, script\_str, or the pair of command\_id and shell\_id are not specified\.

Note\: The command\_id and shell\_id you provide to fetch the output can only be used once because once the output is fetched successfully server will remove output from its cache\.

+The script you provide can either be in the vault, or it can just be a string of the script to run. If both values are present, it will use the script_file over the script_str. Unless you implement a custom parser, this action will always succeed regardless of the input. If command_id and shell_id are present, script_file and script_str will be ignored. This action will fail if at least one of script_file, script_str, or the pair of command_id and shell_id are not specified.

Note: The command_id and shell_id you provide to fetch the output can only be used once because once the output is fetched successfully server will remove output from its cache.

#### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**script\_file** | optional | The vault ID of a PowerShell script to run | string | `vault id` -**script\_str** | optional | A PowerShell script to run | string | +**script_file** | optional | The vault ID of a PowerShell script to run | string | `vault id` +**script_str** | optional | A PowerShell script to run | string | **parser** | optional | The vault ID of a custom parser to use for output | string | `vault id` -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **async** | optional | Start the command, but don't wait for output | boolean | -**command\_id** | optional | Command ID of async command \(Provide with shell\_id\) | string | `winrm command id` -**shell\_id** | optional | Shell ID of async command \(Provide with command\_id\) | string | `winrm shell id` +**command_id** | optional | Command ID of async command (Provide with shell_id) | string | `winrm command id` +**shell_id** | optional | Shell ID of async command (Provide with command_id) | string | `winrm shell id` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.async | boolean | -action\_result\.parameter\.command\_id | string | `winrm command id` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.parser | string | `vault id` -action\_result\.parameter\.script\_file | string | `vault id` -action\_result\.parameter\.script\_str | string | -action\_result\.parameter\.shell\_id | string | `winrm shell id` -action\_result\.data\.\*\.status\_code | numeric | -action\_result\.data\.\*\.std\_err | string | -action\_result\.data\.\*\.std\_out | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.command\_id | string | `winrm command id` -action\_result\.summary\.shell\_id | string | `winrm shell id` -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.async | boolean | | True False +action_result.parameter.command_id | string | `winrm command id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.parser | string | `vault id` | 8afa5c86de9ea94ecfe5b4c0837d2543d0b20b56 +action_result.parameter.script_file | string | `vault id` | 8afa5c86de9ea94ecfe5b4c0837d2543d0b20b56 +action_result.parameter.script_str | string | | Write-Host Hello +action_result.parameter.shell_id | string | `winrm shell id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.data.\*.status_code | numeric | | 0 +action_result.data.\*.std_err | string | | Error message +action_result.data.\*.std_out | string | | Successful output +action_result.status | string | | success failed +action_result.message | string | | Successfully ran PowerShell script +action_result.summary | string | | +action_result.summary.command_id | string | `winrm command id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +action_result.summary.shell_id | string | `winrm shell id` | 1AAA1111-1A11-11A1-1111-1A1AAA1A11A1 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'list processes' List the currently running processes @@ -271,27 +271,27 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data\.\*\.handles | numeric | -action\_result\.data\.\*\.name | string | `process name` -action\_result\.data\.\*\.non\_paged\_memory | numeric | -action\_result\.data\.\*\.paged\_memory | numeric | -action\_result\.data\.\*\.pid | numeric | `pid` -action\_result\.data\.\*\.processor\_time\_\(s\) | numeric | -action\_result\.data\.\*\.virtual\_memory | numeric | -action\_result\.data\.\*\.working\_set | numeric | -action\_result\.data\.\*\.session\_id | numeric | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.num\_processes | numeric | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data.\*.handles | numeric | | 33 +action_result.data.\*.name | string | `process name` | cmd +action_result.data.\*.non_paged_memory | numeric | | 3 +action_result.data.\*.paged_memory | numeric | | 1564 +action_result.data.\*.pid | numeric | `pid` | 3108 +action_result.data.\*.processor_time_(s) | numeric | | 0.02 +action_result.data.\*.virtual_memory | numeric | | 14 +action_result.data.\*.working_set | numeric | | 2384 +action_result.data.\*.session_id | numeric | | +action_result.status | string | | success failed +action_result.message | string | | Successfully got process list +action_result.summary | string | | +action_result.summary.num_processes | numeric | | 451 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'terminate process' Terminate a process @@ -304,20 +304,20 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **pid** | optional | The PID of the process to terminate | numeric | `pid` **name** | optional | Name of program to terminate, accepts wildcards | string | `process name` -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.name | string | `process name` -action\_result\.parameter\.pid | numeric | `pid` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.name | string | `process name` | iexplore +action_result.parameter.pid | numeric | `pid` | 451 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully terminated process +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'list connections' List all active connections @@ -328,25 +328,25 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data\.\*\.foreign\_address\_ip | string | `ip` -action\_result\.data\.\*\.foreign\_address\_port | string | `port` -action\_result\.data\.\*\.local\_address\_ip | string | `ip` -action\_result\.data\.\*\.local\_address\_port | string | `port` -action\_result\.data\.\*\.pid | numeric | `pid` -action\_result\.data\.\*\.protocol | string | -action\_result\.data\.\*\.state | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.num\_connections | numeric | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data.\*.foreign_address_ip | string | `ip` | 8.8.8.8 +action_result.data.\*.foreign_address_port | string | `port` | 11100 +action_result.data.\*.local_address_ip | string | `ip` | 8.8.8.8 +action_result.data.\*.local_address_port | string | `port` | 11100 +action_result.data.\*.pid | numeric | `pid` | 451 +action_result.data.\*.protocol | string | | TCP +action_result.data.\*.state | string | | ESTABLISHED +action_result.status | string | | success failed +action_result.message | string | | Successfully listed connections +action_result.summary | string | | +action_result.summary.num_connections | numeric | | 451 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'list firewall rules' List the firewall rules @@ -354,45 +354,45 @@ List the firewall rules Type: **investigate** Read only: **True** -When you are using the other parameter, you can match for any field which is returned in the action result\. It will only return a rule if it matches all of the criteria, not if it matches at least one\. +When you are using the other parameter, you can match for any field which is returned in the action result. It will only return a rule if it matches all of the criteria, not if it matches at least one. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**filter\_port** | optional | Only show firewall rules acting on this port | string | `port` -**filter\_ip** | optional | Only show firewall rules acting on this ip | string | `ip` +**filter_port** | optional | Only show firewall rules acting on this port | string | `port` +**filter_ip** | optional | Only show firewall rules acting on this ip | string | `ip` **direction** | optional | Only show firewall rules in this direction | string | **protocol** | optional | Only show firewall rules using this protocol | string | `winrm protocol` **other** | optional | JSON object of key value pairs of other fields to match | string | -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.direction | string | -action\_result\.parameter\.filter\_ip | string | `ip` -action\_result\.parameter\.filter\_port | string | `port` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.other | string | -action\_result\.parameter\.protocol | string | `winrm protocol` -action\_result\.data\.\*\.action | string | -action\_result\.data\.\*\.direction | string | -action\_result\.data\.\*\.edge\_traversal | string | -action\_result\.data\.\*\.enabled | string | -action\_result\.data\.\*\.grouping | string | -action\_result\.data\.\*\.local\_ip | string | `ip` -action\_result\.data\.\*\.local\_port | string | `port` -action\_result\.data\.\*\.profiles | string | -action\_result\.data\.\*\.protocol | string | `winrm protocol` -action\_result\.data\.\*\.remote\_ip | string | `ip` -action\_result\.data\.\*\.remote\_port | string | `port` -action\_result\.data\.\*\.rule\_name | string | `windows firewall rule name` -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.num\_rules | numeric | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.direction | string | | in +action_result.parameter.filter_ip | string | `ip` | 8.8.8.8 +action_result.parameter.filter_port | string | `port` | 11100 +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.other | string | | {"enabled": "yes"} +action_result.parameter.protocol | string | `winrm protocol` | tcp +action_result.data.\*.action | string | | allow +action_result.data.\*.direction | string | | in +action_result.data.\*.edge_traversal | string | | no +action_result.data.\*.enabled | string | | yes +action_result.data.\*.grouping | string | | windows remote management +action_result.data.\*.local_ip | string | `ip` | any +action_result.data.\*.local_port | string | `port` | 5985 +action_result.data.\*.profiles | string | | domain,private +action_result.data.\*.protocol | string | `winrm protocol` | tcp +action_result.data.\*.remote_ip | string | `ip` | any +action_result.data.\*.remote_port | string | `port` | any +action_result.data.\*.rule_name | string | `windows firewall rule name` | windows remote management (http-in) +action_result.status | string | | success failed +action_result.message | string | | Successfully retrieved firewall rules +action_result.summary | string | | +action_result.summary.num_rules | numeric | | 451 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'delete firewall rule' Remove a firewall rule using netsh @@ -400,40 +400,40 @@ Remove a firewall rule using netsh Type: **generic** Read only: **False** -This action will invoke the command netsh advfirewall firewall delete rule, and the rest is determined by the input\. At a minimum, the rule name must be provided, but if you need to you can also specify any other arguments which the command accepts, in the same manner, that input from the add firewall rule gets added\. +This action will invoke the command netsh advfirewall firewall delete rule, and the rest is determined by the input. At a minimum, the rule name must be provided, but if you need to you can also specify any other arguments which the command accepts, in the same manner, that input from the add firewall rule gets added. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- **name** | required | The name of the rule to remove | string | `windows firewall rule name` **dir** | optional | Blocks inbound or outbound traffic | string | -**remote\_ip** | optional | Firewall rule acts on this remote IP | string | `ip` -**local\_ip** | optional | Firewall rule acts on this local IP | string | `ip` -**remote\_port** | optional | Firewall rule acts on this remote port | string | `port` -**local\_port** | optional | Firewall rule acts on this local port | string | `port` +**remote_ip** | optional | Firewall rule acts on this remote IP | string | `ip` +**local_ip** | optional | Firewall rule acts on this local IP | string | `ip` +**remote_port** | optional | Firewall rule acts on this remote port | string | `port` +**local_port** | optional | Firewall rule acts on this local port | string | `port` **protocol** | optional | Firewall rule acts on this protocol | string | `winrm protocol` **other** | optional | JSON object of key value pairs for other parameters to include | string | -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.dir | string | -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.local\_ip | string | `ip` -action\_result\.parameter\.local\_port | string | `port` -action\_result\.parameter\.name | string | `windows firewall rule name` -action\_result\.parameter\.other | string | -action\_result\.parameter\.protocol | string | `winrm protocol` -action\_result\.parameter\.remote\_ip | string | `ip` -action\_result\.parameter\.remote\_port | string | `port` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.rules\_deleted | numeric | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.dir | string | | in out +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.local_ip | string | `ip` | 8.8.8.8 +action_result.parameter.local_port | string | `port` | 443 +action_result.parameter.name | string | `windows firewall rule name` | test rule +action_result.parameter.other | string | | {"profile": "domain"} +action_result.parameter.protocol | string | `winrm protocol` | any tcp +action_result.parameter.remote_ip | string | `ip` | 8.8.8.8 +action_result.parameter.remote_port | string | `port` | 443 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully deleted firewall rules +action_result.summary | string | | +action_result.summary.rules_deleted | numeric | | 2 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'block ip' Create a firewall rule to block a specified IP @@ -444,22 +444,22 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **name** | required | The name of the rule to add | string | `windows firewall rule name` -**remote\_ip** | required | Block this IP | string | `ip` +**remote_ip** | required | Block this IP | string | `ip` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.name | string | `windows firewall rule name` -action\_result\.parameter\.remote\_ip | string | `ip` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.name | string | `windows firewall rule name` | test rule +action_result.parameter.remote_ip | string | `ip` | 8.8.8.8 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully created firewall rule +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'add firewall rule' Add a firewall rule using netsh @@ -467,7 +467,7 @@ Add a firewall rule using netsh Type: **generic** Read only: **False** -This action will invoke the command netsh advfirewall firewall add rule, where the rest is determined by the input\. Each key\-value pair from the other parameter will be added in the form of key=value\. The user input will be sanitized\. +This action will invoke the command netsh advfirewall firewall add rule, where the rest is determined by the input. Each key-value pair from the other parameter will be added in the form of key=value. The user input will be sanitized. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS @@ -475,33 +475,33 @@ PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS **name** | required | The name of the rule to add | string | `windows firewall rule name` **dir** | required | Block inbound or outbound traffic | string | **action** | required | What the firewall will do with packets | string | -**remote\_ip** | optional | Firewall rule acts on this remote IP | string | `ip` -**local\_ip** | optional | Firewall rule acts on this local IP | string | `ip` -**remote\_port** | optional | Firewall rule acts on this remote port | string | `port` -**local\_port** | optional | Firewall rule acts on this local port | string | `port` +**remote_ip** | optional | Firewall rule acts on this remote IP | string | `ip` +**local_ip** | optional | Firewall rule acts on this local IP | string | `ip` +**remote_port** | optional | Firewall rule acts on this remote port | string | `port` +**local_port** | optional | Firewall rule acts on this local port | string | `port` **protocol** | optional | Firewall rule acts on this protocol | string | `winrm protocol` **other** | optional | JSON object of key value pairs for other parameters to include | string | -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.action | string | -action\_result\.parameter\.dir | string | -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.local\_ip | string | `ip` -action\_result\.parameter\.local\_port | string | `port` -action\_result\.parameter\.name | string | `windows firewall rule name` -action\_result\.parameter\.other | string | -action\_result\.parameter\.protocol | string | `winrm protocol` -action\_result\.parameter\.remote\_ip | string | `ip` -action\_result\.parameter\.remote\_port | string | `port` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.action | string | | block +action_result.parameter.dir | string | | in out +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.local_ip | string | `ip` | 8.8.8.8 +action_result.parameter.local_port | string | `port` | 443 +action_result.parameter.name | string | `windows firewall rule name` | test rule +action_result.parameter.other | string | | {"profile": "domain"} +action_result.parameter.protocol | string | `winrm protocol` | any tcp +action_result.parameter.remote_ip | string | `ip` | 8.8.8.8 +action_result.parameter.remote_port | string | `port` | 443 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully created firewall rule +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'logoff user' Logoff a user @@ -512,20 +512,20 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**session\_id** | required | Session ID | string | `windows session id` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**session_id** | required | Session ID | string | `windows session id` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.session\_id | string | `windows session id` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.session_id | string | `windows session id` | 2 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully logged off user +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'list sessions' List all active sessions @@ -536,23 +536,23 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data\.\*\.id | string | `windows session id` -action\_result\.data\.\*\.name | string | -action\_result\.data\.\*\.this | boolean | -action\_result\.data\.\*\.type | string | -action\_result\.data\.\*\.username | string | `user name` -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.num\_sessions | numeric | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data.\*.id | string | `windows session id` | 0 +action_result.data.\*.name | string | | services +action_result.data.\*.this | boolean | | True False +action_result.data.\*.type | string | | +action_result.data.\*.username | string | `user name` | +action_result.status | string | | success failed +action_result.message | string | | Successfully listed all sessions +action_result.summary | string | | +action_result.summary.num_sessions | numeric | | 1 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'deactivate partition' Deactivate a partition @@ -560,23 +560,23 @@ Deactivate a partition Type: **contain** Read only: **False** -Deactivates the system partitions of a machine, which disallows booting from said partition\. The subsequent boot of the machine results in using the next option specified in the BIOS to boot from\. Often used to netboot for remote reimaging\. +Deactivates the system partitions of a machine, which disallows booting from said partition. The subsequent boot of the machine results in using the next option specified in the BIOS to boot from. Often used to netboot for remote reimaging. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully deactivated partition +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'activate partition' Activate a partition @@ -587,18 +587,18 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully activated partition +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'shutdown system' Shutdown a system @@ -609,20 +609,20 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **comment** | optional | Comment to show to users | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.comment | string | -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.comment | string | | Test shutdown +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully initiated system shutdown +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'restart system' Restart a system @@ -633,20 +633,20 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **comment** | optional | Comment to show to users | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.comment | string | -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.comment | string | | Test restart +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully initiated system restart +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'list policies' List AppLocker Policies @@ -657,34 +657,34 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` **location** | required | Which policies to list | string | -**ldap** | optional | LDAP Server\. Will only have an effect if 'location' is set to 'domain' | string | +**ldap** | optional | LDAP Server. Will only have an effect if 'location' is set to 'domain' | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.ldap | string | -action\_result\.parameter\.location | string | -action\_result\.data\.\*\.Conditions\.FilePublisherCondition\.\@BinaryName | string | -action\_result\.data\.\*\.Conditions\.FilePublisherCondition\.\@ProductName | string | -action\_result\.data\.\*\.Conditions\.FilePublisherCondition\.\@PublisherName | string | -action\_result\.data\.\*\.Conditions\.FilePublisherCondition\.BinaryVersionRange\.\@HighSection | string | -action\_result\.data\.\*\.Conditions\.FilePublisherCondition\.BinaryVersionRange\.\@LowSection | string | `ip` -action\_result\.data\.\*\.action | string | -action\_result\.data\.\*\.description | string | -action\_result\.data\.\*\.enforcement\_mode | string | -action\_result\.data\.\*\.file\_path\_condition | string | `file path` -action\_result\.data\.\*\.id | string | `windows applocker policy id` -action\_result\.data\.\*\.name | string | -action\_result\.data\.\*\.type | string | -action\_result\.data\.\*\.user\_or\_group\_sid | string | `winrm user or group sid` -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.ldap | string | | LDAP://8.8.8.8/CN={31b2f340-016d-11d2-945f-00c04fb984f9},CN=Policies,CN=System,DC=domain,DC=local +action_result.parameter.location | string | | local +action_result.data.\*.Conditions.FilePublisherCondition.@BinaryName | string | | \* +action_result.data.\*.Conditions.FilePublisherCondition.@ProductName | string | | \* +action_result.data.\*.Conditions.FilePublisherCondition.@PublisherName | string | | \* +action_result.data.\*.Conditions.FilePublisherCondition.BinaryVersionRange.@HighSection | string | | \* +action_result.data.\*.Conditions.FilePublisherCondition.BinaryVersionRange.@LowSection | string | `ip` | 8.8.8.8 +action_result.data.\*.action | string | | Allow +action_result.data.\*.description | string | | Allows members of the Everyone group to run packaged apps that are signed. +action_result.data.\*.enforcement_mode | string | | NotConfigured +action_result.data.\*.file_path_condition | string | `file path` | %SYSTEM32%\\NOTEPAD.EXE +action_result.data.\*.id | string | `windows applocker policy id` | a9e18c21-ff8f-43cf-b9fc-db40eed693ba +action_result.data.\*.name | string | | (Default Rule) All signed packaged apps +action_result.data.\*.type | string | | Appx +action_result.data.\*.user_or_group_sid | string | `winrm user or group sid` | S-1-1-0 +action_result.status | string | | success failed +action_result.message | string | | Successfully listed AppLocker Policies +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'block file path' Create a new AppLocker policy to block a file path @@ -692,33 +692,33 @@ Create a new AppLocker policy to block a file path Type: **generic** Read only: **False** -By default, this policy will apply to the "Everyone" group\. You can specify the user with either a variety of formats, which are documented here\. By specifying LDAP, it will apply that policy to that GPO, as opposed to just the local machine\. By default, Windows does not have the service required service running for AppLocker policies to be enforced\. The Application Identity service must be running for AppLocker to enforce its policies\. +By default, this policy will apply to the "Everyone" group. You can specify the user with either a variety of formats, which are documented here. By specifying LDAP, it will apply that policy to that GPO, as opposed to just the local machine. By default, Windows does not have the service required service running for AppLocker policies to be enforced. The Application Identity service must be running for AppLocker to enforce its policies. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**deny\_allow** | required | Set this rule to allow or deny | string | -**file\_path** | required | File path to set rule to\. Allows wildcards \(i\.e\. C\:\\Windows\\System32\\\*\.exe\) | string | `file path` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**deny_allow** | required | Set this rule to allow or deny | string | +**file_path** | required | File path to set rule to. Allows wildcards (i.e. C:\\Windows\\System32\\\*.exe) | string | `file path` **user** | optional | User or group to apply rule to | string | `winrm user or group sid` -**rule\_name\_prefix** | optional | Prefix for new rule name | string | +**rule_name_prefix** | optional | Prefix for new rule name | string | **ldap** | optional | LDAP Server | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.deny\_allow | string | -action\_result\.parameter\.file\_path | string | `file path` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.ldap | string | -action\_result\.parameter\.rule\_name\_prefix | string | -action\_result\.parameter\.user | string | `winrm user or group sid` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.deny_allow | string | | allow deny +action_result.parameter.file_path | string | `file path` | C:\\Windows\\System32\\notepad.exe +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.ldap | string | | LDAP://8.8.8.8/CN={31b2f340-016d-11d2-945f-00c04fb984f9},CN=Policies,CN=System,DC=domain,DC=local +action_result.parameter.rule_name_prefix | string | | test +action_result.parameter.user | string | `winrm user or group sid` | Administrator +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully created AppLocker policy +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'delete policy' Delete an AppLocker policy @@ -729,22 +729,22 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**applocker\_policy\_id** | required | ID of policy to delete | string | `windows applocker policy id` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**applocker_policy_id** | required | ID of policy to delete | string | `windows applocker policy id` **ldap** | optional | LDAP Server | string | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.applocker\_policy\_id | string | `windows applocker policy id` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.ldap | string | -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.applocker_policy_id | string | `windows applocker policy id` | 084ab400-83b8-432d-8dc2-f180fbe301ca +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.ldap | string | | LDAP://8.8.8.8/CN={31b2f340-016d-11d2-945f-00c04fb984f9},CN=Policies,CN=System,DC=domain,DC=local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully deleted AppLocker Policy +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'get file' Copy a file from the Windows Endpoint to the Vault @@ -755,21 +755,21 @@ Read only: **True** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**file\_path** | required | Path to file | string | `file path` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**file_path** | required | Path to file | string | `file path` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.file\_path | string | `file path` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -action\_result\.summary\.vault\_id | string | `sha1` `vault id` -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.file_path | string | `file path` | C:\\Users\\administrator.CORP\\logo.jpg C:\\Users\\Administrator\\Desktop\\c.txt +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully retrieved file and added it to the Vault +action_result.summary | string | | +action_result.summary.vault_id | string | `sha1` `vault id` | 8afa5c86de9ea94ecfe5b4c0837d2543d0b20b56 +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'upload file' Copy a file from the vault to the Windows Endpoint @@ -780,22 +780,22 @@ Read only: **False** #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**vault\_id** | required | Vault ID of file | string | `vault id` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**vault_id** | required | Vault ID of file | string | `vault id` **destination** | required | Path to copy file to | string | `file path` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.destination | string | `file path` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.vault\_id | string | `vault id` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.destination | string | `file path` | C:\\Users\\administrator.CORP\\Desktop\\aasdf.txt +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.vault_id | string | `vault id` | 8afa5c86de9ea94ecfe5b4c0837d2543d0b20b56 +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully sent file +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'copy file' Run the copy command on the Windows Endpoint @@ -803,27 +803,27 @@ Run the copy command on the Windows Endpoint Type: **generic** Read only: **False** -For best results, both the from and to parameters should be absolute paths to their respective locations\. +For best results, both the from and to parameters should be absolute paths to their respective locations. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**from** | required | File source \(path\) | string | `file path` -**to** | required | File destination \(path\) | string | `file path` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**from** | required | File source (path) | string | `file path` +**to** | required | File destination (path) | string | `file path` #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.from | string | `file path` -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.parameter\.to | string | `file path` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.from | string | `file path` | C:\\Windows\\System32\\notepad.exe +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.parameter.to | string | `file path` | C:\\Windows\\System32\\notepad_copy.exe +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully copied files +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 ## action: 'delete file' Run the delete command on the Windows Endpoint @@ -831,24 +831,24 @@ Run the delete command on the Windows Endpoint Type: **generic** Read only: **False** -For best results, the file path parameter should be an absolute path to a location\. +For best results, the file path parameter should be an absolute path to a location. #### Action Parameters PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS --------- | -------- | ----------- | ---- | -------- -**ip\_hostname** | optional | IP/Hostname | string | `ip` `host name` -**file\_path** | required | Path to file | string | `file path` +**ip_hostname** | optional | IP/Hostname | string | `ip` `host name` +**file_path** | required | Path to file | string | `file path` **force** | optional | Use the force flag for delete | boolean | #### Action Output -DATA PATH | TYPE | CONTAINS ---------- | ---- | -------- -action\_result\.parameter\.file\_path | string | `file path` -action\_result\.parameter\.force | boolean | -action\_result\.parameter\.ip\_hostname | string | `ip` `host name` -action\_result\.data | string | -action\_result\.status | string | -action\_result\.message | string | -action\_result\.summary | string | -summary\.total\_objects | numeric | -summary\.total\_objects\_successful | numeric | \ No newline at end of file +DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES +--------- | ---- | -------- | -------------- +action_result.parameter.file_path | string | `file path` | C:\\Windows\\System32\\notepad.exe +action_result.parameter.force | boolean | | True False +action_result.parameter.ip_hostname | string | `ip` `host name` | 8.8.8.8 8.8.8.8\\testphantom.local +action_result.data | string | | +action_result.status | string | | success failed +action_result.message | string | | Successfully deleted files +action_result.summary | string | | +summary.total_objects | numeric | | 1 +summary.total_objects_successful | numeric | | 1 \ No newline at end of file