Click on Payloads in the left-hand menu to be presented with the Payloads view.
Give the payload a name and click Create Payload.
Copy the cURL command to your clipboard. Open a terminal and paste in the command. At the end of the command, replace you-file.exe with the path and name of the file that you would like to run on the endpoint(s).
After you run the command you can refresh the browser and you should see your uploaded payload.
There are several ways to run payloads on the endpoints.
Going Live on a Box
The simplest and most straightforward way to run a payload on the endpoint is through the web application. Open the EDR Sensor view for the endpoint on which you would like to execute the payload, then open the console. Please note that arguments are optional and dependent on the script or executable being run.
run --payload-name <file-name> --arguments "<arguments>"
After running the command you should see an execution receipt in the console.
As a Response Action
Payloads can be run as part of a response action that was triggered from a detection. A response action that runs a payload would look like the following. Please note that arguments are optional and dependent on the script or executable being run.
- action: task run --payload-name <file-name> --arguments "<arguments>"