IBM Security QRadar SOAR


How to Execute Powershell Commands from Resilient ?

  • 1.  How to Execute Powershell Commands from Resilient ?

    Posted Thu March 18, 2021 10:33 AM

    Hi All,

    I want to access a .txt file on our local shared drive using Resilient. Meaning, I want to access the test.txt file in the Example folder on the 10.20.30.40 shared drive, i.e. the 10.20.30.40\Example\test.txt file.

    For that, I am trying to use the fn_utilities function. However, I am unable to chalk out a way to do this.

    Is it possible for anyone to share how to achieve this? I would be really grateful.

    Thanks,



    ------------------------------
    Akhilesh Deshmukh,
    Data Analyst, SecurityHQ
    ------------------------------


  • 2.  RE: How to Execute Powershell Commands from Resilient ?

    Posted Fri March 19, 2021 03:22 PM

    Hi Akhilesh,

    We're in the right place. The fn_utilities.utilities_shell_command function will allow you to run powershell commands. 

    The syntax is a bit awkward, so I'll explain. In your app.config file, you'll identify the powershell command and the host(s) you want to run. The syntax will follow this pattern:

    [fn_utilities]
    <your host label>=(user:pass@server)
    <your script label>=[remote path to script]

    ex.
    [fn_utilities]
    machineA=(login1:password1@10.20.30.40)
    getFile=[/path/to/powershell.ps]

    Then, in your workflow with this function, your arguments will be:

    shell_command: getFile:machineA
    shell_remote: Yes
    shell_param1: /Example/test.txt

    This is assuming your powershell script accepts an argument for the file to list.

    Good luck.



    ------------------------------
    Mark Scherfling
    ------------------------------
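
The reply above assumes the script behind the `getFile` label accepts the file path as an argument; the script below is an added example of such a script, not part of fn_utilities or of either post. It assumes the `shell_param1` value reaches the script as its first positional argument, and `D:\Shares` and the 1 MB limit are hypothetical values; because the path comes from workflow input, the script refuses anything that resolves outside that folder.

```powershell
# getFile.ps1 (hypothetical name): return the text of one file under an allowed folder.
param(
    [Parameter(Mandatory = $true, Position = 0)]
    [string]$RelativePath   # e.g. /Example/test.txt, as passed in shell_param1
)

$ErrorActionPreference = 'Stop'

# Assumption: local folder on the target host that backs the shared drive.
$AllowedRoot = 'D:\Shares'
# Assumption: upper bound on what is sent back to the workflow.
$MaxBytes = 1MB

# Canonical root with a trailing separator, so 'D:\SharesOther' cannot match.
$rootFull = [System.IO.Path]::GetFullPath($AllowedRoot).TrimEnd('\') + '\'

# Treat the argument as relative to the root, then canonicalise it.
# GetFullPath collapses '..' segments and normalises '/' to '\'.
$candidate = [System.IO.Path]::GetFullPath($rootFull + $RelativePath.TrimStart('/', '\'))

# Reject anything that resolves outside the allowed root (path traversal).
if (-not $candidate.StartsWith($rootFull, [System.StringComparison]::OrdinalIgnoreCase)) {
    throw "Refused: '$RelativePath' resolves outside $AllowedRoot"
}

# Only regular files are served, not directories.
if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) {
    throw "Not found or not a file: $candidate"
}

$item = Get-Item -LiteralPath $candidate

# Refuse symbolic links and junction-style reparse points that could
# point outside the root even though the path string is inside it.
if ($item.Attributes -band [System.IO.FileAttributes]::ReparsePoint) {
    throw "Refused: $candidate is a reparse point"
}

if ($item.Length -gt $MaxBytes) {
    throw "Refused: $candidate is larger than $MaxBytes bytes"
}

# Emit the file content on stdout for the calling function to collect.
Get-Content -LiteralPath $candidate -Raw
```

The account configured for the host label in app.config only needs read access to that folder, which limits what the stored password can reach.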