This article describes how to run the list endpoint info action, which shows detailed endpoint information, from the Palo Alto Networks Cortex™ XSOAR command line interface.
Base command
malwarebytes-list-endpoint-info
Input
Argument name | Description | Required |
hostname | The hostname of an endpoint in Nebula. | Optional |
ip | The IP address of an endpoint in Nebula. | Optional |
Context Output
Path | Type | Description |
Malwarebytes.Endpoint.Assets | string | Asset information of the endpoint. |
Malwarebytes.Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Malwarebytes.Endpoint.IPAddress | string | The IP address of this endpoint. |
Malwarebytes.Endpoint.Domain | string | The domain of this endpoint. |
Malwarebytes.Endpoint.MACAddress | string | The MAC address of this endpoint. |
Malwarebytes.Endpoint.OS | string | The operating system of this endpoint. |
Malwarebytes.Endpoint.OSVersion | string | The operating system version of this endpoint. |
Malwarebytes.Endpoint.Model | string | The model of the machine or device. |
Malwarebytes.Endpoint.Memory | int | Memory on this endpoint. |
Endpoint.Hostname | string | The hostname that is mapped to this endpoint. |
Endpoint.IPAddress | string | The IP address of this endpoint. |
Endpoint.Domain | string | The domain of this endpoint. |
Endpoint.MACAddress | string | The MAC address of this endpoint. |
Endpoint.OS | string | The operating system of this endpoint. |
Endpoint.OSVersion | string | The operating system version of this endpoint. |
Endpoint.Model | string | The model of the machine or device. |
Endpoint.Memory | int | Memory on this endpoint. |
Command example
!malwarebytes-list-endpoint-info hostname=TA-AZ-CLT1
Context example
{
  "Malwarebytes.Endpoint": {
    "MACAddress": "000D3A0AFEC2",
    "Domain": "",
    "Assets": {
      "computer_info": { "model": "Virtual Machine", "manufacturer": "Microsoft Corporation" },
      "plugin_version": "1.2.0.330",
      "object_sid": "",
      "updates_installed": [],
      "dhcp_scope_name": "",
      "object_guid": "",
      "drives": [
        { "name": "C:\\", "total_size": 135838822400, "freespace_available": 124591616000, "freespace_total": 124591616000, "volume_label": "Windows", "drive_format": "NTFS" },
        { "name": "D:\\", "total_size": 8588816384, "freespace_available": 7477661696, "freespace_total": 7477661696, "volume_label": "Temporary Storage", "drive_format": "NTFS" }
      ],
      "domain_name": "",
      "culture": "en-US",
      "nics": [
        { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
      ],
      "host_name": "TA-AZ-CLT1",
      "software_installed": [
        { "product": "Google Chrome", "version": "80.0.3987.87", "vendor": "Google LLC", "installed_date": "2020-02-05T00:00:00Z" },
        { "product": "Malwarebytes Endpoint Agent", "version": "1.2.0.0", "vendor": "Malwarebytes", "installed_date": "2020-02-05T00:00:00Z" }
      ],
      "memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
      "time_zone": "Etc/GMT",
      "startups": [
        { "value": "explorer.exe", "name": "Shell", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "", "name": "System", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "", "name": "Taskman", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "C:\\windows\\system32\\userinit.exe,", "name": "Userinit", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" },
        { "value": "C:\\windows\\system32\\SecurityHealthSystray.exe", "name": "SecurityHealth", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" },
        { "value": "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}", "name": "WebCheck", "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad" },
        { "name": "Authentication Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "name": "Notification Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "name": "Security Packages", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa" },
        { "value": "credssp.dll", "name": "SecurityProviders", "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SecurityProviders" }
      ],
      "fully_qualified_host_name": "TA-AZ-CLT1",
      "os_info": { "os_release_name": "Microsoft Windows 10 Pro", "os_type": "Workstation", "os_architecture": "Amd64", "os_platform": "Windows", "os_version": "10.0.17763" }
    },
    "OS": "Windows",
    "Hostname": "TA-AZ-CLT1",
    "Memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
    "Model": "Virtual Machine",
    "OSVersion": "10.0.17763",
    "IPAddress": [
      { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
    ]
  },
  "Endpoint": {
    "MACAddress": "000D3A0AFEC2",
    "Domain": "",
    "OS": "Windows",
    "Hostname": "TA-AZ-CLT1",
    "Memory": { "total_physical": 4294967296, "total_virtual": 5368094720, "free_virtual": 2920792064, "free_physical": 1683750912 },
    "Model": "Virtual Machine",
    "OSVersion": "10.0.17763",
    "IPAddress": [
      { "ips": [ "10.0.0.11" ], "description": "Microsoft Hyper-V Network Adapter", "mac_address": "000D3A0AFEC2" }
    ]
  }
}
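The following is an added example, not part of the original page or of the Malwarebytes integration. It shows one way a playbook script could use the Assets.startups list from this context to flag Winlogon Shell and Userinit values that differ from a baseline. The function names, the EXPECTED_WINLOGON baseline (stock Windows defaults, as seen in the context example) and the modified sample value are assumptions made for illustration.

```python
# Added example: compare Winlogon autostart values in the command's context
# against a baseline. Names and baseline are assumptions, not integration code.
import ntpath

WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# Assumed baseline: the stock Windows values, normalized to lower case.
EXPECTED_WINLOGON = {
    "shell": ["explorer.exe"],
    "userinit": [r"c:\windows\system32\userinit.exe"],
}


def _entries(value):
    """Split a comma-separated Winlogon value into normalized, non-empty entries."""
    parts = (value or "").split(",")
    return [ntpath.normpath(p.strip()).lower() for p in parts if p.strip()]


def winlogon_deviations(context):
    """Return (hostname, name, value) for Shell/Userinit entries that differ from baseline."""
    endpoint = context.get("Malwarebytes.Endpoint") or {}
    assets = endpoint.get("Assets") or {}
    findings = []
    for entry in assets.get("startups") or []:
        if (entry.get("key") or "").lower() != WINLOGON_KEY.lower():
            continue  # only the Winlogon key is baselined here
        name = (entry.get("name") or "").lower()
        expected = EXPECTED_WINLOGON.get(name)
        # Entries such as System and Taskman have no baseline and are skipped.
        if expected is not None and _entries(entry.get("value")) != expected:
            findings.append((endpoint.get("Hostname"), entry.get("name"), entry.get("value", "")))
    return findings


def sample_context(userinit_value):
    """Constructed sample, trimmed from the context example on this page."""
    return {"Malwarebytes.Endpoint": {"Hostname": "TA-AZ-CLT1", "Assets": {"startups": [
        {"value": "explorer.exe", "name": "Shell", "key": WINLOGON_KEY},
        {"value": "", "name": "Taskman", "key": WINLOGON_KEY},
        {"value": userinit_value, "name": "Userinit", "key": WINLOGON_KEY},
        {"name": "Authentication Packages",
         "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Lsa"},
    ]}}}


if __name__ == "__main__":
    # Second value is invented for illustration; it is not from the page.
    for value in ("C:\\windows\\system32\\userinit.exe,",
                  "C:\\windows\\system32\\userinit.exe,C:\\example\\placeholder.exe"):
        print(winlogon_deviations(sample_context(value)))
```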
Human readable output
Endpoint Information for the Hostname: TA-AZ-CLT1
computer_info | culture | dhcp_scope_name | domain_name | drives | fully_qualified_host_name | host_name | memory | nics | object_guid | object_sid | os_info | plugin_version | software_installed | startups | time_zone | updates_installed |
manufacturer: Microsoft Corporation model: Virtual Machine | en-US |  |  | {'freespace_available': 124591616000, 'volume_label': 'Windows', 'drive_format': 'NTFS', 'freespace_total': 124591616000, 'name': 'C:\', 'total_size': 135838822400}, {'freespace_available': 7477661696, 'volume_label': 'Temporary Storage', 'drive_format': 'NTFS', 'freespace_total': 7477661696, 'name': 'D:\', 'total_size': 8588816384} | TA-AZ-CLT1 | TA-AZ-CLT1 | total_virtual: 5368094720 free_virtual: 2920792064 total_physical: 4294967296 free_physical: 1683750912 | {'mac_address': '000D3A0AFEC2', 'description': 'Microsoft Hyper-V Network Adapter', 'ips': ['10.0.0.11']} |  |  | os_platform: Windows os_architecture: Amd64 os_version: 10.0.17763 os_release_name: Microsoft Windows 10 Pro os_type: Workstation | 1.2.0.330 | {'vendor': 'Google LLC', 'product': 'Google Chrome', 'installed_date': '2020-02-05T00:00:00Z', 'version': '80.0.3987.87'}, {'vendor': 'Malwarebytes', 'product': 'Malwarebytes Endpoint Agent', 'installed_date': '2020-02-05T00:00:00Z', 'version': '1.2.0.0'} | {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Shell', 'value': 'explorer.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'System', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Taskman', 'value': ''}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'name': 'Userinit', 'value': 'C:\windows\system32\userinit.exe,'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'name': 'SecurityHealth', 'value': 'C:\windows\system32\SecurityHealthSystray.exe'}, {'key': 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad', 'name': 'WebCheck', 'value': '{E6FB5E20-DE35-11CF-9C87-00AA005127ED}'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Authentication Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Notification Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa', 'name': 'Security Packages'}, {'key': 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders', 'name': 'SecurityProviders', 'value': 'credssp.dll'} | Etc/GMT |  |