Run a Batch file Using Agent Tools - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Open ports between Cortex XSOAR server and the Windows server, and run a batch file using agent tools, for shared agents and D2 agents.

This example runs a simple batch file that returns the output of a dir command. You can use the automation either in a playbook or from the Cortex XSOAR CLI (manual investigation in an incident War Room).

Relevant for both shared agents and D2 agents.

Before you begin:

  • Open ports between the Cortex XSOAR server and the Windows server:

    Port 445 from Cortex XSOAR server to Windows server.

    Port 443 from Cortex XSOAR server to Windows server and vice versa.

  • Set the user credentials for the Windows server.

  1. Create a batch file.

Package the batch file in a ZIP or Tar archive; Agent Tools accepts only those two formats.

    In this example, we created a batch file, called TestBatch, containing the following.

    cd c:\
    dir
  2. Upload the batch file to run.

    1. Select Settings > INTEGRATIONS > Agent Tools > + Add Tool.

    2. Drag and drop, or browse to, the ZIP or Tar file created in step 1.

  3. Add the system to the incident from the CLI or an automation.

    The following automation, D2Execute.yml, adds the system, installs the D2 agent on it, and then runs the automation (D2Run in this example) that executes the utility or batch file, all from within a playbook.

    commonfields:
      id: ef9edd54-0580-4945-8f06-f43dfb69fb20
      version: 20
    name: D2Execute
    script: |-
      # Register the target system using the credentials passed as arguments.
      demisto.results(demisto.executeCommand("addSystem", {"name": demisto.args()["name"], "host": demisto.args()["host"],
                                                           "username": demisto.args()["username"], "password": demisto.args()["password"],
                                                           "os": demisto.args()["os"]}))
      demisto.results("Installing Agent...")
      # Install the D2 agent on the system registered above.
      demisto.results(demisto.executeCommand("d2_install", {"system": demisto.args()["name"]}))
      demisto.results("Running script...")
      # Run the agent-side automation (D2Run in this example) on that system.
      demisto.results(demisto.executeCommand(demisto.args()["scriptName"], {"id": demisto.args()["name"], "using": demisto.args()["name"]}))
    type: python
    tags: []
    enabled: true
    args:
    - name: name
      required: true
      default: true
      description: System name
    - name: host
      required: true
      description: Computer name
    - name: os
      required: true
      auto: PREDEFINED
      predefined:
      - linux
      - osx
      - windows
      description: OS
    - name: username
      required: true
      description: username
    - name: password
      required: true
      secret: true
      description: password
    - name: scriptName
      required: true
      description: Script Name
    scripttarget: 0

  4. Run the utility from the CLI or an automation.

    For example, use the following D2Run.yml automation, which runs on the agent:

    commonfields:
      id: 9a18460a-e72f-488a-8112-044c9a7be76a
      version: 13
    name: D2Run
    script: |-
      //+TestBatch/TestBatch.bat

      // Name of the batch file inside the uploaded agent tool.
      var batch_file = 'TestBatch.bat';

      // A batch file only makes sense on a Windows agent.
      if (env.OS !== 'windows') {
          throw ('script can only run on Windows');
      }

      // Build the full path to the tool in the agent's working directory
      // and escape the backslashes for the command line.
      var d2path = pwd();
      var batch_path = d2path + '\\' + batch_file;
      batch_path = batch_path.replace(/\\/g, "\\\\\\\\");
      // Run the batch file through cmd with a 60 second timeout and return its output.
      pack(execute('cmd /c ' + batch_path, 60));
    type: javascript
    tags: []
    enabled: true
    scripttarget: 1


    Note the following:

    //+TestBatch/TestBatch.bat: the path, inside the ZIP or Tar file you uploaded in Agent Tools, of the batch file to make available to the agent.

    var batch_file = 'TestBatch.bat';: the name of the batch file to run. It must match the file name used in the //+ line.
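The packaging in steps 1 and 2 and the command chain in step 3, as an added example in Python that is not part of this guide and not code from Cortex XSOAR: it builds the ZIP in the layout the //+TestBatch/TestBatch.bat line refers to, derives that directive from the archive so the two cannot drift apart, and runs the same addSystem, d2_install, script sequence as D2Execute while stopping at the first command that returns an error (D2Execute as written on this page continues regardless). The execute_command callable, its fake results, the host name and the credentials are constructed stand-ins; in a real automation pass demisto.executeCommand. The value 4 for an error entry's Type is an assumption that it matches what CommonServerPython's isError() checks.

```python
"""Added example (not from the Cortex XSOAR guide): package a batch file the
way Agent Tools expects it and drive the addSystem -> d2_install -> run chain
from D2Execute while stopping at the first failed command."""
import io
import zipfile

# Assumption: error war-room entries carry Type == 4, which is what
# CommonServerPython's isError() checks for.
ERROR_ENTRY_TYPE = 4


def build_tool_archive(tool_name: str, batch_name: str, batch_body: str) -> bytes:
    """Return ZIP bytes holding one entry, <tool_name>/<batch_name>, which is
    the layout the '//+TestBatch/TestBatch.bat' include line in D2Run refers
    to. The entry name is checked because D2Run splices it into 'cmd /c ...'."""
    bad = set('\\/"&|<>^%')
    if (not batch_name.lower().endswith(".bat") or batch_name.startswith(".")
            or any(c in bad for c in batch_name)):
        raise ValueError("batch file name must be a plain <name>.bat")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Batch files are safest with CRLF line endings.
        zf.writestr(f"{tool_name}/{batch_name}", batch_body.replace("\n", "\r\n"))
    return buf.getvalue()


def include_directive(archive: bytes) -> str:
    """Return the '//+<path>' line D2Run needs, derived from the archive so
    the directive always names the entry that was actually uploaded."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        bats = [n for n in zf.namelist() if n.lower().endswith(".bat")]
    if len(bats) != 1:
        raise ValueError(f"expected exactly one .bat entry, found {bats}")
    return "//+" + bats[0]


def is_error(entry) -> bool:
    """Mirror of CommonServerPython isError() for a single war-room entry."""
    return isinstance(entry, dict) and entry.get("Type") == ERROR_ENTRY_TYPE


def run_tool_on_host(args: dict, execute_command) -> list:
    """Same three commands as D2Execute, but each result is checked and the
    chain stops at the first error, so d2_install never runs against a system
    that addSystem failed to register. execute_command stands in for
    demisto.executeCommand; pass that in a real automation."""
    steps = [
        ("addSystem", {k: args[k] for k in ("name", "host", "username", "password", "os")}),
        ("d2_install", {"system": args["name"]}),
        (args["scriptName"], {"id": args["name"], "using": args["name"]}),
    ]
    log = []
    for cmd, cmd_args in steps:
        result = execute_command(cmd, cmd_args)
        entries = result if isinstance(result, list) else [result]
        failed = [e for e in entries if is_error(e)]
        # The log never carries cmd_args, so the password stays out of it.
        log.append({"command": cmd, "ok": not failed})
        if failed:
            log[-1]["error"] = failed[0].get("Contents")
            break
    return log


if __name__ == "__main__":
    archive = build_tool_archive("TestBatch", "TestBatch.bat", "cd c:\\\ndir")
    print(include_directive(archive))  # //+TestBatch/TestBatch.bat

    # Constructed stand-in for demisto.executeCommand: the agent install fails.
    def fake_execute(cmd, cmd_args):
        if cmd == "d2_install":
            return [{"Type": ERROR_ENTRY_TYPE, "Contents": "agent install failed"}]
        return [{"Type": 1, "Contents": "ok"}]

    sample_args = {"name": "win-host-1", "host": "win-host-1.example.test",
                   "username": "svc_xsoar", "password": "not-a-real-password",
                   "os": "windows", "scriptName": "D2Run"}
    for step in run_tool_on_host(sample_args, fake_execute):
        print(step)
```

Because the chain stops after the failed d2_install, the third call never reaches the target, and the returned log is safe to write to the War Room since it carries only command names and the error text, not the arguments.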