Skip to main content

Documentation Index

Fetch the complete documentation index at: https://learninghub.blinkops.com/llms.txt

Use this file to discover all available pages before exploring further.

  • cat
  • cd
  • clear
  • cp
  • encrypt
  • env
  • eventlog
  • filehash
  • get
  • getsid
  • help
  • history
  • ipconfig
  • kill
  • ls
  • map
  • memdump
  • mkdir
  • mount
  • mv
  • netstat
  • ps
  • reg query
  • reg set
  • reg delete
  • reg load
  • reg unload
  • restart
  • rm
  • runscript
  • shutdown
  • unmap
  • update history
  • update install
  • update list
  • update query
  • xmemdump
  • zip

Parameters

ParameterDescription
Base CommandActive-Responder command type we are going to execute, for example: get or cp.Refer to the RTR documentation for the full list of commands.
Command StringCommand’s input. For example get some_file.txt.
Session IDThe ID of the RTR Session to run the command on. You can find the Session ID in the response of the Create Batch Session action for the wanted host.

Example Output

{    "errors": [        {            "code": 0,            "id": "string",            "message": "string"        }    ],    "meta": {        "pagination": {            "limit": 0,            "offset": 0,            "total": 0        },        "powered_by": "string",        "query_time": 0,        "trace_id": "string",        "writes": {            "resources_affected": 0        }    },    "resources": [        {            "cloud_request_id": "string",            "queued_command_offline": false,            "session_id": "string"        }    ]}

Workflow Library Example

Run Command on a Single Host with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop