Code42 Search file events
The following describes the Code42: Search file events custom function in Code42 for Resilient. Input parameters are required unless noted. For more information, see Code42 for IBM Resilient customization settings.
Code42: Search file events
This function runs a file event query using Code42 Forensic Search, for example based on filename, file hash, and/or username. All of the criteria you supply are combined with "AND" conditions, so the query returns only the file events that satisfy every parameter provided.
Input parameters
code42_md5_hashes
(Text): See MD5 Hash in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_sha256_hashes
(Text): See SHA256 Hash in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_hostnames
(Text): See Hostname in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_usernames
(Text): See Username (Code42) in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_filenames
(Text): See Filename in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_file_paths
(Text): See File Path in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_public_ip_addresses
(Text): See IP Address (public) in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_private_ip_addresses
(Text): See IP Address (private) in the Forensic Search reference guide. To use multiple values, separate them with a pipe "|" character.
code42_exposure_only
(Boolean): See Exposure Type in the Forensic Search reference guide.
code42_on_or_before
(Number): See Date Selector in the Forensic Search reference guide. Use UNIX Epoch time.
code42_on_or_after
(Number): See Date Selector in the Forensic Search reference guide. Use UNIX Epoch time.
Output
result
(dict): A dictionary with the following keys:
file_events
(list): File events (up to 100*) matching the query. See the Example Value in the API Documentation for syntax.
total_count
(int): Number of file events matching the query.
error
(str): If result is None, information on the cause of the error.
Raises
Exception if the function cannot connect to Code42.
*If the total count is over 100, use Code42 Forensic Search to view all the results.
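The following is an added example, not the Code42 for Resilient integration's own source, showing how the input parameters above can be turned into a Forensic Search query body and how a response maps onto the result/error output. Assumptions, labelled in the code: the query term names and JSON envelope ("groups", "filterClause", "groupClause", "pgSize") follow the Forensic Search API v1 schema as documented by Code42; multiple pipe-separated values for one parameter are treated as alternatives (OR within the field) while the fields themselves are joined with AND, matching the "AND" semantics described above; the sample inputs and the sample response are constructed, not captured from a live server. Verify the term names against the API Documentation referenced above before reusing them.

```python
"""Build a Forensic Search query from the Resilient function inputs (illustrative).

Not the integration's own code. Assumed: term names and envelope follow the
Forensic Search API v1 query schema; values within one field are OR-ed, fields AND-ed.
"""
from datetime import datetime, timezone

PAGE_SIZE = 100  # the function returns at most 100 events (see the footnote above)

# Resilient input name -> Forensic Search term (assumed API v1 term names)
TERM_FOR_INPUT = {
    "code42_md5_hashes": "md5Checksum",
    "code42_sha256_hashes": "sha256Checksum",
    "code42_hostnames": "osHostname",
    "code42_usernames": "deviceUserName",
    "code42_filenames": "fileName",
    "code42_file_paths": "filePath",
    "code42_public_ip_addresses": "publicIpAddress",
    "code42_private_ip_addresses": "privateIpAddress",
}


def split_pipe_values(raw):
    """'a|b| c ' -> ['a', 'b', 'c']; None or blank -> []."""
    if not raw:
        return []
    return [v.strip() for v in str(raw).split("|") if v.strip()]


def epoch_to_iso(epoch):
    """UNIX epoch seconds -> ISO 8601 UTC string (the format the API expects)."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def build_query(inputs, page_num=1):
    """Combine every supplied parameter with AND; pipe-separated values are OR-ed."""
    groups = []
    for name, term in TERM_FOR_INPUT.items():
        values = split_pipe_values(inputs.get(name))
        if values:
            groups.append({
                "filterClause": "OR",  # any of the listed values for this field
                "filters": [{"operator": "IS", "term": term, "value": v} for v in values],
            })
    if inputs.get("code42_exposure_only"):
        # restrict to events that carry an exposure type at all
        groups.append({"filterClause": "AND",
                       "filters": [{"operator": "EXISTS", "term": "exposure", "value": None}]})
    date_filters = []
    if inputs.get("code42_on_or_after") is not None:
        date_filters.append({"operator": "ON_OR_AFTER", "term": "eventTimestamp",
                             "value": epoch_to_iso(inputs["code42_on_or_after"])})
    if inputs.get("code42_on_or_before") is not None:
        date_filters.append({"operator": "ON_OR_BEFORE", "term": "eventTimestamp",
                             "value": epoch_to_iso(inputs["code42_on_or_before"])})
    if date_filters:
        groups.append({"filterClause": "AND", "filters": date_filters})
    if not groups:
        raise ValueError("at least one search criterion is required")
    return {"groups": groups, "groupClause": "AND", "pgNum": page_num,
            "pgSize": PAGE_SIZE, "srtDir": "asc", "srtKey": "eventId"}


def to_function_result(response):
    """Shape an API response into the documented result/error pair.

    Assumed response keys: 'fileEvents' (list) and 'totalCount' (int)."""
    try:
        events = list(response["fileEvents"])
        total = int(response["totalCount"])
    except (KeyError, TypeError, ValueError) as exc:
        return {"result": None, "error": "unexpected response shape: %r" % (exc,)}
    return {"result": {"file_events": events[:PAGE_SIZE], "total_count": total}, "error": None}


def needs_full_search(output):
    """True when total_count exceeds the events returned, i.e. results were capped."""
    result = output.get("result")
    return bool(result) and result["total_count"] > len(result["file_events"])


# Constructed sample input: two MD5 values for one field, one username, exposure only.
SAMPLE_INPUTS = {
    "code42_md5_hashes": "d41d8cd98f00b204e9800998ecf8427e|9e107d9d372bb6826bd81d3542a419d6",
    "code42_usernames": "alice@example.com",
    "code42_exposure_only": True,
    "code42_on_or_after": 1609459200,  # 2021-01-01T00:00:00Z
}

# Constructed sample response (not captured from a server).
SAMPLE_RESPONSE = {
    "totalCount": 2,
    "fileEvents": [
        {"eventId": "evt-1", "fileName": "report.pdf", "deviceUserName": "alice@example.com"},
        {"eventId": "evt-2", "fileName": "notes.txt", "deviceUserName": "alice@example.com"},
    ],
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_query(SAMPLE_INPUTS), indent=2))
    print(to_function_result(SAMPLE_RESPONSE))
```

In a workflow, check needs_full_search() on the output: when it is true the 100-event cap was hit and the complete result set must be viewed in Code42 Forensic Search, as the footnote notes. A missing or malformed response yields result None with the cause in error, which is the shape the Output section describes.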