Documents

Updated on 10 May 2023
1 Minute to read
Contributors

Print
Share
Dark
Light

Article summary

Did you find this summary helpful?

Thank you for your feedback

doc_cache_get

Retrieve a document / file that was cached on the sensor.

Platforms:

Response Event:
GET_DOCUMENT_REP

This command is currently listed to the following document types:

.bat
.js
.ps1
.sh
.py
.exe
.scr
.pdf
.doc
.docm
.docx
.ppt
.pptm
.pptx
.xlt
.xlsm
.xlsx
.vbs
.rtf
.hta
.lnk
Any files created in system32 on Windows.

Usage:

usage: doc_cache_get [-h] [-f FILE_PATTERN] [-s HASHSTR]

optional arguments:
  -f FILE_PATTERN, --file_pattern FILE_PATTERN
                        a pattern to match on the file path and name of the
                        document, simple wildcards ? and * are supported
  -s HASHSTR, --hash HASHSTR
                        hash of the document to get

Was this article helpful?

What's Next

File and Registry Integrity Monitoring

Table of contents