-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathtrigger-input.json
More file actions
33 lines (33 loc) · 1.2 KB
/
trigger-input.json
File metadata and controls
33 lines (33 loc) · 1.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
"$schema": "https://json-schema.org/draft-07/schema",
"type": "object",
"properties": {
"falcon_sensor_id": {
"type": "string",
"format": "aid",
"pattern": "^[A-Fa-f0-9]{32}$|^\\$\\{[^{}]*\\}$",
"title": "Falcon Sensor ID",
"description": "CrowdStrike Falcon Agent ID (AID) of the target endpoint. 32-character hexadecimal string."
},
"target_browser": {
"type": "string",
"enum": ["Google Chrome", "Microsoft Edge", "Brave"],
"title": "Target Browser",
"default": "Google Chrome",
"description": "Chromium-based browser to collect forensic data from."
},
"output_format": {
"type": "string",
"enum": ["xlsx", "sqlite", "jsonl"],
"title": "Output Format",
"default": "xlsx",
"description": "File format for Hindsight forensic output (xlsx for Excel, sqlite for database, jsonl for JSON lines)."
},
"target_username": {
"type": "string",
"title": "Target Username",
"description": "Windows username whose browser profile to analyze. Leave empty for auto-discovery of the currently logged-in user."
}
},
"required": ["falcon_sensor_id", "target_browser", "output_format"]
}