CrowdStrike Falcon X
Use the CrowdStrike Falcon Intelligence Sandbox integration to submit files, file hashes, URLs, and FTPs for sandbox analysis, and to retrieve reports.
Forensics & Malware Analysis · CrowdStrike Falcon Intelligence Sandbox
Configuration parameters
base_url— Cloud Base URL (e.g., https://api.crowdstrike.com)credentials— Client ID (required)insecure— Trust any certificate (not secure)proxy— Use system proxy settingsreliability— Source Reliability
Commands (11)
-
cs-fx-check-quotaReturns the total quota number and the in use quota number.
-
cs-fx-download-iocDownloads IOC packs, PCAP files, and other analysis artifacts.
-
cs-fx-find-reportsFinds sandbox reports by providing an FQL filter and paging details.
-
cs-fx-find-submission-idFinds submission IDs for uploaded files by providing an FQL filter and paging details. Returns a set of submission IDs that match the search criteria.
-
cs-fx-get-analysis-statusChecks the status of a sandbox analysis.
-
cs-fx-get-full-reportGets a full version of a sandbox report.
-
cs-fx-get-report-summaryGets a short summary version of a sandbox report.
-
cs-fx-submit-uploaded-fileSubmits a sample SHA256 hash for sandbox analysis.
-
cs-fx-submit-urlSubmits a URL or FTP for sandbox analysis.
-
cs-fx-upload-fileUploads a file for sandbox analysis.
-
fileGets reputation data for one or more files, by sha256 hashes.