09-08-2022 01:51 PM
When I try to put a filepath that has white spaces as an input in the command "cs-falcon-rtr-remove-file", I receive the following error:
CrowdStrike Falcon The command was failed with the errors: {'d5716ded5d214d61a23884dd9ef64078': 'Max args is 1. 5 were provided'}
The complete command used and retrieved from the warrom looks like this:
!cs-falcon-rtr-remove-file host_ids="<numeric host id>" file_path="\\Path\\To\\The\\File\\A\\Directory with whitespaces\\Directory\\Directory2with whitespaces \\File.exe" os="Windows"
(I replace the original path with some placeholder). I notice that taking into consideration the whitespaces, the filepath is split into 5 pieces, getting the mentioned error.
How can I escape the whitespaces? I tried with \ before the spaces, but it's not considered when the command is running, and \s is escaped as \\s, making a bad filepath.
The command comes from Crowdstrike Falcon Content Pack, and is implemented in the "CrowdStrike Falcon - True Positive Incident Handling" Playbook.
I really appreciate any help, regards.
09-08-2022 02:16 PM - edited 09-08-2022 02:21 PM
Can you try putting back ticks around the file path like this: file_path=`"\\Path\\To\\The\\File\\A\\Directory with whitespaces\\Directory\\Directory2with whitespaces \\File.exe"`
09-08-2022 02:55 PM
putting ` characters around filepath work well in cli, but how can I use that in Playbook tasks? thanks for your help.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
