From d191a7f7850f2eef6b899ff9c7b5734b856d55da Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 11 Apr 2025 13:34:29 -0700 Subject: [PATCH] =?UTF-8?q?bugfix=20=E2=80=94=20adds=20note=20about=20max?= =?UTF-8?q?=20file=20size?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- solutions/security/endpoint-response-actions.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/solutions/security/endpoint-response-actions.md b/solutions/security/endpoint-response-actions.md index c4e44cd9b1..da7e63269a 100644 --- a/solutions/security/endpoint-response-actions.md +++ b/solutions/security/endpoint-response-actions.md @@ -160,6 +160,10 @@ Required privilege (in {{stack}}) or custom role privilege (in {{serverless-shor Example: `get-file --path "/full/path/to/file.txt" --comment "Possible malware"` +::::{note} +The maximum file size that can be retrieved using `get-file` is `104857600` bytes, or 100 MB. +:::: + ::::{tip} You can use the [Osquery manager integration](/solutions/security/investigate/osquery.md) to query a host’s operating system and gain insight into its files and directories, then use `get-file` to retrieve specific files. ::::