Contact sales
Details

This pivot menu workflow uses the "Delete a File" catalog script in Cisco Orbital. It supports Windows, Linux, and macOS. An XDR automation prompt task is used to request which file to delete from the user who runs the workflow.

Description

This pivot menu workflow uses the Delete a File catalog script in Cisco Orbital. It supports Windows, Linux, and macOS. An XDR automation prompt task is used to request which file to delete from the user who runs the workflow.

Please make sure to enter the full path for the file to delete (e.g. C:\Windows\notepadz.exe). The result of the Orbital job will be sent via a notification.

Note: This workflow will not delete files in system folders.

Target: Orbital - v0

Steps:

  • Create a prompt asking which file to delete
  • Determine which observable we're using to identify the endpoint
  • Run the Orbital script
  • Check if the script execution was successful (if not, end the workflow)
  • Let the user know the script was executed
Required targets

This workflow requires the following targets to be available before it can be run.

Integration targets

  • Orbital
  • Cisco XDR
About
Author
Christopher van der Made
Version
v1.1
Intent
Pivot Menu
Integration
Average rating
5.0 out of 5
Authorship
Community
Contact and support information
chrivand@cisco.com
External links

Content Licensing

Developer Community

Related workflows
Logo for Orbital
Cisco Orbital - Execute Query for Incident Assets
Cisco Managed
This workflow works with an incident automation rule or playbook task to execute an Orbital query on an XDR incident's assets.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Execute Query for Selected Assets
Cisco Managed
This workflow works with an incident response playbook to execute an Orbital query on user-selected assets from an XDR incident.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Execute Script for Incident Assets
Cisco Managed
This workflow works with an incident automation rule or playbook task to execute an Orbital script on an XDR incident's assets.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Execute Script for Selected Assets
Cisco Managed
This workflow works with an incident response playbook to execute an Orbital script on user-selected assets from an XDR incident.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Incident Response - Disable Local User Account
Community
This incident response workflow consumes one or more users (user or process_username) and attempts to disable the local account on endpoints running windows, mac or linux.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Incident Response - Force User Logout
Community
This incident response workflow consumes one or more users (user or process_username) and attempts to force a logout from endpoints running windows, mac or linux.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Incident Response - Re-enable Local User
Community
This incident response workflow consumes one or more users (user or process_username) and attempts to re-enable the local account on endpoints running windows, mac or linux This workflow is intended for use in a playbook during the recovery stage.
Incident Response
Learn more
Logo for Orbital
Cisco Orbital - Take Forensic Snapshot (Linux)
Cisco Managed
This workflow initiates a Cisco Orbital forensic snapshot for the endpoint identified by the provided observable.
Pivot Menu
Learn more