Running a Batch file Using Agent Tools

This procedure opens ports between the Cortex XSOAR server and a Windows server and runs a batch file using agent tools.
Run a simple batch file that returns the results of a command. You can use this Automation either in a Playbook or in the Cortex XSOAR CLI (manual investigation in an incident War Room).
Relevant for both shared agents and D2 agents.
Before you begin:
  • Open ports between the Cortex XSOAR server and the Windows server:
    Port 445 from Cortex XSOAR server to Windows server.
    Port 443 from Cortex XSOAR server to Windows server and vice versa.
  • Set the user credentials for the Windows server.
  1. Create a batch file.
    The file must be in ZIP or Tar format.
    In this example, we created a batch file, called TestBatch, containing the following.
    cd c:\
    dir
  2. Upload the batch file to run.
    1. Select Agent Tools > + Add Tool.
    2. Drag-and-Drop or browse to the Zip or Tar file created in step 1.
  3. Add a system to the incident in the CLI or Automation.
    Use the following automation, called "D2Execute.yml", to install the D2 Agent from within a playbook and run the automation (D2Run) that runs the utility/batch file.
    commonfields:
      id: ef9edd54-0580-4945-8f06-f43dfb69fb20
      version: 20
    name: D2Execute
    script: |-
      demisto.results(demisto.executeCommand("addSystem", {"name":demisto.args()["name"], "host":demisto.args()["host"], "username":demisto.args()["username"], "password":demisto.args()["password"], "os":demisto.args()["os"]}))
      demisto.results("Installing Agent...")
      demisto.results(demisto.executeCommand("d2_install", {"system":demisto.args()["name"]}))
      demisto.results("Running script...")
      demisto.results(demisto.executeCommand(demisto.args()["scriptName"], {"id":demisto.args()["name"], "using":demisto.args()["name"]}))
    type: python
    tags: []
    enabled: true
    args:
    - name: name
      required: true
      default: true
      description: System name
    - name: host
      required: true
      description: Computer name
    - name: os
      required: true
      auto: PREDEFINED
      predefined:
      - linux
      - osx
      - windows
      description: OS
    - name: username
      required: true
      description: username
    - name: password
      required: true
      secret: true
      description: password
    - name: scriptName
      required: true
      description: Script Name
    scripttarget: 0
  4. Execute the utility by running the CLI or Automation.
    For example, use the following D2Run.yml automation:
    commonfields:
      id: 9a18460a-e72f-488a-8112-044c9a7be76a
      version: 13
    name: D2Run
    script: |-
      //+TestBatch/TestBatch.bat
      var batch_file = 'TestBatch.bat';
      if (env.OS !== 'windows') {
        throw ('script can only run on Windows');
      }
      var d2path = pwd();
      var batch_path = d2path + '\\' + batch_file;
      batch_path = batch_path.replace(/\\/g, "\\\\\\\\");
      pack(execute('cmd /c ' + batch_path, 60));
    type: javascript
    tags: []
    enabled: true
    scripttarget: 1
    Note the following:
      • //+TestBatch/TestBatch.bat : this is the name of the zip/batch file that you upload in Agent Tools.
      • var batch_file = 'TestBatch.bat'; : name of the batch file to run.
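
A pre-upload consistency check for the tool archive from step 1 and the D2Run script from step 4, as an added example (not part of the original page or of Cortex XSOAR). It assumes the `//+<tool>/<file>` directive shape seen in D2Run and that the archive is unpacked into the agent's working directory, which is where D2Run looks for the batch file; `archive_members`, `check_tool` and `sample_zip` are hypothetical helper names, and the sample archive is constructed.

```python
import io
import re
import tarfile
import zipfile

# Assumed shapes, copied from the page's D2Run script: //+<tool>/<file> and batch_file.
DIRECTIVE = re.compile(r"^\s*//\+([^/\s]+)/(\S+)\s*$", re.M)
BATCH_VAR = re.compile(r"var\s+batch_file\s*=\s*'([^']*)'")
SAFE_NAME = re.compile(r"[\w.-]+\.bat")  # the name is concatenated into a "cmd /c" line

def archive_members(data: bytes) -> set:
    """Return the file paths stored in an in-memory ZIP or tar archive."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            names = [i.filename for i in zf.infolist() if not i.is_dir()]
    else:
        buf.seek(0)
        with tarfile.open(fileobj=buf) as tf:  # raises ReadError if not a tar
            names = [m.name for m in tf.getmembers() if m.isfile()]
    return {n.replace("\\", "/").removeprefix("./") for n in names}

def check_tool(script: str, tool_name: str, archive: bytes) -> list:
    """List mismatches between a D2Run-style script and the uploaded tool."""
    d, v = DIRECTIVE.search(script), BATCH_VAR.search(script)
    if not d or not v:
        return ["script lacks the //+ directive or the batch_file variable"]
    problems = []
    if d.group(1) != tool_name:
        problems.append(f"directive names tool {d.group(1)!r}, not {tool_name!r}")
    if d.group(2) != v.group(1):
        problems.append("directive and batch_file name different files")
    if not SAFE_NAME.fullmatch(v.group(1)):
        problems.append("batch_file has characters unsafe on a cmd /c line")
    try:
        members = archive_members(archive)
    except tarfile.ReadError:
        return problems + ["archive is neither ZIP nor tar"]
    if v.group(1) not in members:  # D2Run expects it directly under pwd()
        problems.append(f"{v.group(1)!r} is not at the root of the archive")
    return problems

def sample_zip(name: str) -> bytes:  # constructed sample: the page's two-line batch file
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, "cd c:\\\r\ndir\r\n")
    return buf.getvalue()

SCRIPT = "//+TestBatch/TestBatch.bat\nvar batch_file = 'TestBatch.bat';\n"
print(check_tool(SCRIPT, "TestBatch", sample_zip("TestBatch.bat")))
```

An empty list means the directive, the `batch_file` variable and the archive contents agree.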
