MENU
      Contents x
      Files and Directories
      • 08 Feb 2024
      • 1 Minute to read
      • Print
      • Dark
      Contents
        This documentation version is deprecated, please click here for the latest version.

      Files and Directories

      • Updated on 08 Feb 2024
      • 1 Minute to read
      • Print
      • Dark
      Article summary

      The following sensor commands perform actions against files and directories on EDR sensors.

      dir_find_hash

      Find files matching hashes starting at a root directory.

      Platforms:

      Return Event:
      DIR_FINDHASH_REP

      Usage:

      usage: dir_find_hash [-h] [-d DEPTH] --hash HASHES rootDir fileExp

positional arguments:
  rootDir               the root directory where to begin the search from
  fileExp               a file name expression supporting basic wildcards like
                        * and ?

optional arguments:
  -d DEPTH, --depth DEPTH
                        optional maximum depth of the listing, defaults to a
                        single level
  --hash HASHES         sha256 to search for, can be specified multiple times
      Plain text

      dir_list

      List the contents of a directory.

      Platforms:

      Return Event:
      DIR_LIST_REP

      Usage:

      usage: dir_list [-h] [-d DEPTH] rootDir fileExp

positional arguments:
  rootDir               the root directory where to begin the listing from
  fileExp               a file name expression supporting basic wildcards like
                        * and ?

optional arguments:
  -d DEPTH, --depth DEPTH
                        optional maximum depth of the listing, defaults to a
                        single level
      Plain text

      file_del

      Delete a file from the endpoint.

      Platforms:

      Return Event:
      FILE_DEL_REP

      **Usage: **

      usage: file_del [-h] file

positional arguments:
  file        file path to delete
      Plain text

      file_get

      Retrieve a file from the endpoint.

      Note: The file_get command is limited to 10MB in size. For files larger than 10MB, please utilize the artifact_get command.

      Platforms:

      Return Event:
      FILE_GET_REP

      Usage:

      usage: file_get [-h] [-o OFFSET] [-s MAXSIZE] file

positional arguments:
  file                  file path to file to get

optional arguments:
  -o OFFSET, --offset OFFSET
                        offset bytes to begin reading the file at, in base 10
  -s MAXSIZE, --size MAXSIZE
                        maximum number of bytes to read, in base 10, max of
                        10MB
      Plain text

      file_hash

      Compute the hash of a file.

      Platforms:

      Return Event:
      FILE_HASH_REP

      Usage:

      usage: file_hash [-h] file

positional arguments:
  file        file path to hash
      Plain text

      file_info

      Get file information, timestamps, sizes, etc.

      Platforms:

      Return Event:
      FILE_INFO_REP

      Usage:

      usage: file_info [-h] file

positional arguments:
  file        file path to file to get info on
      Plain text

      file_mov

      Move / rename a file on the endpoint.

      Platforms:

      Return Event:
      FILE_MOV_REP

      Usage:

      usage: file_mov [-h] srcFile dstFile

positional arguments:
  srcFile     source file path
  dstFile     destination file path
      Plain text

      log_get

      log_get is a legacy command that has been replaced with artifact_get. You can still issue a log_get command from the Sensor, however the parameters and output are the same as artifact_get.

      Was this article helpful?
      What's Next