Document toolboxDocument toolbox

NetBIOS

[ 1 Connect NetBIOS with Devo SOAR ] [ 2 Actions for NetBIOS ] [ 2.1 nmblookup ] [ 2.1.1 Input Field ] [ 2.1.2 Output ] [ 2.2 nmblookup IP ] [ 2.2.1 Input Field ] [ 2.2.2 Output ] [ 2.3 Lookup NetBIOS IP ] [ 2.3.1 Input Field ] [ 2.3.2 Output ] [ 2.4 Lookup NetBIOS Name ] [ 2.4.1 Input Field ] [ 2.4.2 Output ] [ 3 Release Notes ]

NetBIOS is an OSI Session Layer 5 Protocol and a service that allows applications on computers to communicate with one another over a local area network (LAN). It is a non-routable Protocol and NetBIOS stands for Network Basic Input/Output System.

Connect NetBIOS with Devo SOAR

A connection needs to be saved to use NetBIOS integration.

  1. Navigate to Automations > Integrations.

  2. Search for NetBIOS.

  3. Click Details, then the + icon. Enter the required information in the following fields.

  4. Label: Enter a connection name.

  5. Reference Values: Define variables here to templatize integration connections and actions. For example, you can use https://www.{{hostname}}.com where, hostname is a variable defined in this input. For more information on how to add data, see 'Add Data' Input Type for Integrations.

  6. Verify SSL: Select option to verify connecting server's SSL certificate (Default is Verify SSL Certificate).

  7. Remote Agent: Run this integration using the Devo SOAR Remote Agent.

  8. After you've entered all the details, click Connect.

Actions for NetBIOS

nmblookup

Run NetBIOS nmblookup command. This action can be used to run nmblookup command with any arguments. Uses nmblookup binary. Since this is a very generic command, the response is simply formatted as:

{json}{ "std_out": std_out, "std_err": std_err }

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

nmblookup Arguments

Jinja-templated text containing arguments to pass. Example: '-A {{target_ip}}'

Required

Output

Scan results output as json containing std_out, std_err

nmblookup IP

Run NetBIOS nmblookup IP command. Basically, it runs nmblookup action with arguments -A <ip> and has its output parsed as json instead of plain std_out. Uses nmblookup binary.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

IP Column

Column name from the parent table to lookup value for IP.

Required

Result Format

Separate rows per host or Single row per row in the parent table. Default 'Separate'.

Optional

Output

json parsed result of std_out of nmblookup command

Lookup NetBIOS IP

Send a query on the network with IP and hopes that the machine will reply back with its name. Uses nmb.NetBIOS python lib.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

IP Column

Column name from the parent table to lookup value for IP.

 

Timeout Per Request

Specify Timeout per Request in seconds. Default '30'.

Optional

Result Format

Separate rows per host or Single row per row in the parent table.

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: result_array

Lookup NetBIOS Name

Send a query on the network and hopes that if the machine matching the name will reply with its IP address. Uses nmb.NetBIOS python lib.

Input Field

Choose a connection that you have previously created and then fill in the necessary information in the following input fields to complete the connection.

Input Name

Description

Required

Input Name

Description

Required

Name Column

Column name from the parent table to lookup value for NetBIOS name.

 

Timeout Per Request

Specify Timeout per Request in seconds. Default '30'.

Optional

Result Format

Separate rows per host or Single row per row in the parent table.

Optional

Output

A JSON object containing multiple rows of result:

  • has_error: True/False

  • error: message/null

  • result: result_array

Release Notes

  • v2.0.0 - Updated architecture to support IO via filesystem