RA2311: Collect File

Summary

ID	RA2311
Brief Description	Collect a specific file from a (remote) host or a system
Author	Cyberok
Creation Date	2023/03/03
Requirements	tool for transfer
References	https://cloudone.trendmicro.com/docs/workload-security/file-collection/
Response Stage	Identification
Response Actions Implementations	Collect file via SOLDR

Description

File Collection lets you collect objects directly from any host. Basically there is dozen ways to collect file, conditionally , they can be divided into two groups:

• manually performed

  1. SCP
  2. SFTP
  3. Powershell and etc...

• automated

  1. XDR solution
  2. SOAR implementation
  3. Scripted selfmade solution and etc...