IBM QRadar SOAR


How to Execute PowerShell Commands from Resilient?

  • 1.  How to Execute PowerShell Commands from Resilient?

    Posted Thu March 18, 2021 10:33 AM

    Hi All,

    I want to access a .txt file on our local shared drive using Resilient. That is, I want to access the test.txt file in the Example folder on the 10.20.30.40 shared drive, i.e. 10.20.30.40\Example\test.txt.

    For that, I am trying to use the fn_utilities function. However, I am unable to chalk out a way to do this.

    Is it possible for anyone to share how to achieve this? I would be really grateful.

    Thanks,



    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------


  • 2.  RE: How to Execute PowerShell Commands from Resilient?

    Posted Fri March 19, 2021 03:22 PM

    Hi Akhilesh,

    We're in the right place. The fn_utilities.utilities_shell_command function will allow you to run PowerShell commands.

    The syntax is a bit awkward, so I'll explain. In your app.config file, you'll identify the PowerShell command and the host(s) you want to run. The syntax will follow this pattern:

    [fn_utilities]
    <your host label>=(user:pass@server)
    <your script label>=[remote path to script]

    ex.
    [fn_utilities]
    machineA=(login1:password1@10.20.30.40)
    getFile=[/path/to/powershell.ps]

    Then, in your workflow with this function, your arguments will be:

    shell_command: getFile:machineA
    shell_remote: Yes
    shell_param1: /Example/test.txt

    This is assuming your PowerShell script accepts an argument for the file to list.

    Good luck.



    ------------------------------
    Mark Scherfling
    ------------------------------
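
The reply above assumes the script behind the getFile label takes the file as an argument. A sketch of such a script follows, as an added example that is not from the thread or from IBM: it treats the value of shell_param1 as its first argument and only returns files that stay under one folder. The root folder value, the extension allow-list and the size cap are assumptions.

```powershell
# Added example: hypothetical script behind the getFile label (not from the thread).
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$RequestedPath    # value of shell_param1, e.g. /Example/test.txt
)

$ErrorActionPreference = 'Stop'

# Assumptions: root folder, extension allow-list and size cap are illustrative.
# Use the folder's local path instead if the script runs on the file server itself.
$Root        = '\\10.20.30.40\Example'
$AllowedExts = @('.txt')
$MaxBytes    = 1MB

# Normalise separators; accept the path with or without the leading folder name.
$rel = ($RequestedPath -replace '/', '\').TrimStart('\')
if ($rel -like 'Example\*') { $rel = $rel.Substring('Example\'.Length) }

# Canonicalise, then require the result to stay under the root. This rejects
# "..\" sequences and drive-rooted paths such as C:\...
$full = [System.IO.Path]::GetFullPath([System.IO.Path]::Combine($Root, $rel))
if (-not $full.StartsWith($Root + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "Rejected: '$RequestedPath' resolves outside $Root"
}

if ($AllowedExts -notcontains [System.IO.Path]::GetExtension($full).ToLowerInvariant()) {
    throw "Rejected: extension not allowed for '$RequestedPath'"
}

if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
    throw "Not found: $full"
}

$item = Get-Item -LiteralPath $full
if ($item.Length -gt $MaxBytes) {
    throw "Refused: $full is $($item.Length) bytes, limit is $MaxBytes"
}

# Write the file content to standard output.
Get-Content -LiteralPath $full -Raw
```

Because shell_param1 can be set from workflow or incident data, the containment check is what keeps a value such as /Example/../other.txt from reading files outside the intended folder.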